Tuesday, 31 May 2016

Myspace hack may be the largest breach ever

Myspace hack may be the largest breach ever

I haven't logged into my Myspace account for over 10 years, but I did create it before June 11, 2013, which means my account login data - along with more 360 million other accounts - could be up for sale online.

The OG social network's parent company, Time, Inc., announced today that it was recently alerted to a hack that scooped up usernames, passwords and email addresses for accounts created before that June date.

It's important to make the chronological distinction because it's after then that Myspace migrated to a new, more secure platform.

Though Myspace didn't say how many accounts were compromised, LeakedSource.com, a paid hacker search engine, published a report that information for more than 360 million accounts was stolen. Because some of the accounts had a second password attached to it, the number of compromised passwords actually sits at over 427 million.

Myspace says a Russian hacker named "Peace" is responsible for the breach. Peace is also responsible for hacks on LinkedIn and Tumblr, and, according to Myspace, has claimed on LeakedSource that the Myspace data is from a past hack.

The sheer size of compromised accounts makes the Myspace hack possibly the largest hack ever. For comparison, Peace's LinkedIn hack, which took place in 2012, saw emails and passwords for 117 million accounts end up for sale online. The Anthem hack of 2015 saw personal information for 78.8 million people stolen, while a US voter records data breach exposed the information of 191 million.

What Myspace is doing, and what you can do

Myspace is alerting affected users, so keep an eye out for a note from the service, even if you haven't used it in over a decade, like myself.

But also like myself, you may not use the same email address you used to set up your Myspace account (or even remember it), which poses a bit of a problem in this mitigation strategy.

Myspace has invalidated all passwords for compromised accounts that were created before June 11, 2013. If your information was stolen and you still use the service, you'll be prompted to authenticate your account and reset your password the next time you visit Myspace.

The site is also keeping an eye out for suspicious activity using automated tools, and law enforcement is involved in investigating and attempting to persecute the hacker.

One small relief is that no financial information was involved stolen; Myspace doesn't collect, use or store any credit card or other such info.

However, if you still use your old Myspace password for other accounts across the web, it's probably best to change those so your other accounts aren't at risk as well.

http://ift.tt/1P28EVS

No comments:

Post a Comment