There is a saying in the world of cybersecurity: “there are two types of companies, those that have been hacked, and those who do not know that have been invaded.” MySpace apparently is in the second category. The same hacker who was selling the data of more than 164 million LinkedIn members last week, now claims to have 360 million e-mails and MySpace user passwords. It is not clear when the data was stolen from the social network, but both the hacker, who is known as Peace, as one of LeakedSource operators, a hacked data search engine that also claims to have the credentials, said the information was stolen for a while.
The database contains more than 427 million passwords, but there are “only” 360 million e-mails, according to LeakedSource, who announced the leak on Friday in a post. Each record contains hacked “an e-mail address, user name, one password and, in some cases, a second password,” according to the site. “Of the 360 million, 111 million accounts had a name of a user connected to it and 68 million had a secondary password,” LeakedSource wrote, offering to subscribers who pay $ 2 a day, or $ 265 per year, access to the site claims is a collection of over 1.6 billion records leaked.
The Motherboard site managed through LeakedSource, password three employees and two acquaintances who had accounts on MySpace. The social network is one of the largest sites for 10 years and boasted reach almost 1 billion users. If the numbers are accurate, this is one of the largest data theft ever. And more importantly, it shows that the company did not know or theft or not informed its users the security flaw. Although the platform is already largely abandoned, many users end up using the same password for other services and accounts, which can cause further attacks.