Hacker claims to have 360M stolen MySpace logins

Hacker claims to have 360M stolen MySpace logins
© Getty Images

The same hacker who last week was selling millions of stolen LinkedIn logins online now claims to have 360 million emails and passwords of MySpace users, in what could be the largest such breach ever recorded.

Both the hacker, known as "Peace," and hacked-data search engine LeakedSource say the data are from a past, unreported breach. 

It is unclear when the company was hacked, according to Motherboard, but if the data is legitimate, MySpace either wasn’t aware of the breach or failed to disclose the incident to its customers. 

ADVERTISEMENT
Motherboard, which did not have access to the complete data, was able to perform a spot-check of five email addresses through LeakedSource, which has access to the trove. Each of the five addresses returned a legitimate password.

As with the 117 million exposed LinkedIn records, the MySpace data was poorly secured, according to LeakedSource.

Although the exposed passwords are encrypted, they were protected with a weaker algorithm that makes them easier to crack. The passwords were "hashed" — converted to a string of numbers — but not "salted," which adds a few random characters specific to each user to the end of every password.

A LeakedSource operator told Motherboard they expect to crack 98 or 99 percent of the passwords by the end of the month.

The once-dominant social media company has not commented on the alleged breach.

The stolen LinkedIn data originated from a 2012 breach that turned out to be much larger than originally thought.

Around 6.5 million passwords were posted online when the breach occurred, although LinkedIn never confirmed the scope of the breach. The company rolled out a mandatory password reset for all accounts it believed were compromised.

This month, a LinkedIn spokesman said that the 6.5 million passwords originally released were not necessarily all of the stolen data.

“We don’t know how much was taken,” Hani Durzy told Motherboard.