Get Out of MySpace

Potentially the largest breach yet

Time Inc., the parent company of the social network MySpace, has just been alerted to a hack. The hack includes usernames, passwords and email addresses for accounts created before June 11, 2013. MySpace claims that the hack was done by “Peace”, also responsible for the LinkedIn breach I wrote about earlier this week.

MySpace has not said how many accounts were compromised, but hacker search engine LeakedSource.com has claimed over 360 million accounts were leaked. Some accounts had second passwords, bringing compromised passwords to over 427 million. This MySpace hack could be the largest known compromise thus far. LinkedIn’s hack resulted in around 117 million accounts for sale online.

"Over 360 million accounts were leaked."

MySpace is currently alerting affected users, so check your email if you have used the service even if you haven’t used it in a while. It’s sad to say that these companies tend to keep your information long after you have closed an account with them. After all, your information is important to them.
Do any of the above look familiar? These were the most used passwords of 2013.

MySpace has voided all passwords for affected accounts, and you will need to authenticate your account and reset the password. MySpace is looking out for suspicious activity, and law enforcement is investigating. One key piece of information is that no financial information leaked. MySpace does not collect, store or use any credit card information. Finally some good news.

Once again, please practice good password hygiene:
  • Use strong, alphanumeric passwords (and be more creative than P@ssw0rd1)
  • Change passwords every once in awhile (3 months to one year is reasonable)
  • Use different passwords for each site (simply adding a few unique letters to the end is fine with a strong base password)