MySpace confirms it has been hacked

Company confirms user credentials have been stolen, but still no word on how many

MySpace has confirmed it has suffered a database breach leading to the exposure of users emails, passwords and usernames.

Reports of a breach started to come in towards the end of last week, although MySpace had not commented on the matter until now.

According to the veteran social network, the attack affected a "portion" of those users who created their account before 11 June 2013, after which time the company switched over to a new system. MySpace has not clarified how large this "portion" is, but earlier reports suggest it is around 360 million accounts.

Advertisement - Article continues below

In a blog post, the company said that, when moving from the old platform to the new one it "took significant steps to strengthen account security", adding that "the compromised data is related to the period before those measures were implemented".

"We are currently utilising advanced protocols including double salted hashes (random data that is used as an additional input to a one-way function that "hashes" a password or passphrase) to store passwords. Myspace has taken additional security steps in light of the recent report," MySpace said.

"Myspace is also using automated tools to attempt to identify and block any suspicious activity that might occur on Myspace accounts. We have also reported the incident to law enforcement authorities and are cooperating to investigate and pursue this criminal act," it added.

Advertisement
Advertisement - Article continues below

The company also sought to reassure users that their financial data was not directly at risk from the account, as the company holds no credit or debit card information. However, it recommended that members immediately change all their online passwords if they re-use their MySpace password for other services, or if all their passwords are similar to each other.

Advertisement - Article continues below

27/05/2016: 427m MySpace passwords allegedly leaked online

MySpace has allegedly been hacked, with over 427 million passwords reportedly leaked online.

News of the hack comes via LeakedSource, which claims to have received a copy of the data from one of its users.

According to reports, the MySpace hacker, who goes by the pseudonym "Peace", is the same person who was recently selling details of 117 million hacked LinkedIn accounts on the dark web.

LeakedSource, which offers a subscription service where people can search for their usernames on hacked sites to see if they have been compromised, said the details of 360,213,024 accounts, including username, email and password, have been leaked. The number of passwords leaked is higher than the number of total accounts because some have multiple passwords associated with them.

If the leak is correct, MySpace had used hashing to encrypt users' passwords, but they were not salted, making them easier to decrypt.

Advertisement - Article continues below

"The methods MySpace used for storing passwords are not what internet standards propose and is very weak encryption," said LeakedSource in a blog post published on Friday.

"We noticed that very few passwords were over 10 characters in length (in the thousands) and nearly none contained an upper case character which makes it much easier for people to decrypt," it added.

IT Pro has not been able to independently verify the reports, however Motherboard claims to have verified five separate accounts.

IT Pro has contacted MySpace for comment on the alleged hack, but had not received a response at the time of publication.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/security/phishing/355936/inky-announces-20m-series-b-funding-round
phishing

INKY announces $20M Series B funding round

4 Jun 2020
Visit/security/ransomware/355909/microsoft-issues-warning-about-new-ponyfinal-ransomware-attacks
ransomware

Microsoft issues warning about new PonyFinal ransomware attacks

3 Jun 2020
Visit/security/data-breaches/355908/amtrak-guest-reward-suffers-a-data-breach
data breaches

Amtrak Guest Reward suffers a data breach

3 Jun 2020
Visit/security/cyber-security/355903/brand-impersonation-and-form-based-attacks-are-rising
cyber security

Brand-impersonation and form-based attacks are rising

3 Jun 2020

Most Popular

Visit/operating-systems/ios/355935/apple-confirms-serious-bugs-in-ios-135
iOS

Apple confirms serious bugs in iOS 13.5

4 Jun 2020
Visit/mobile/5g/355911/the-uk-pivots-to-japan-for-5g-equipment
5G

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020
Visit/security/ransomware/355945/new-ransomware-uses-java-to-target-software-organisations
ransomware

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020