QuoVadis Posted May 31, 2016 Report Posted May 31, 2016 There’s an oft-repeated adage in the world of cybersecurity: There are two types of companies, those that have been hacked, and those that don’t yet know they have been hacked. MySpace, the social media behemoth that was, is apparently in the second category. The same hacker who was selling the data of more than 164 million LinkedIn users last week now claims to have 360 million emails and passwords of MySpace users, which would be one of the largest leaks of passwords ever. And it looks like the data is being circulated in the underground by other hackers as well. It’s unclear when the data was stolen from MySpace, but both the hacker, who’s known as Peace, and one of the operators of LeakedSource, a paid hacked data search engine that also claims to have the credentials, said it’s from a past, unreported, breach. Neither Peace nor LeakedSource provided a sample of the hacked data. But Motherboard gave LeakedSource the email addresses of three staffers and two friends who had an account on the site to verify that the data was real. In all five cases, LeakedSource was able to send back their password. The database contains 427,484,128 passwords, but there are only 360,213,024 million emails, according to LeakedSource, which announced the leak on Friday in a blog post. Each record in the hacked dataset contains “an email address, a username, one password and in some cases a second password,” according to the site. “Of the 360 million, 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password (some did not have a primary password),” wrote LeakedSource, which provides subscribers, who pay between $2 a day to $265 a year, with access to what the site claims is a collection of more than 1.6 billion hacked or leaked records. LeakedSource wrote that the data was provided by someone who goes by the alias Tessa88, but in an interview with Motherboard, an operator for the site said they were unaware of the real origins of the data breach, such as who originally breached MySpace, nor who has had the data “this whole time” or when the company was hacked. But this data was bound to leak eventually, they said. “It's the nature of information. ‘Three can keep a secret, if two of them are dead,’” the operator told me in an online chat. “Once data gets traded a few times, eventually it will make its way to somebody who is not trustworthy to keep it a secret, and then it will spread like branches of a tree.” Source and full article: http://motherboard.vice.com/read/427-million-myspace-passwords-emails-data-breach Quote
