360 Million MySpace Accounts for Sale on Dark Web
The same hacker who listed 164 million LinkedIn user accounts for sale on the dark web now says that they have 360 million MySpace user emails and passwords. If true, this would be one of the largest password leaks ever, according to Motherboard.
The hacker, who goes by Peace, and LeakedSource, a paid hacked data search engine, said they obtained these credentials in an earlier, unreported breach.
Peace is selling the data for 6 Bitcoin (about $2,800).
To verify whether the claims were legitimate, Motherboard sent LeakedSource the email addresses of three employees and two friends who had MySpace accounts. LeakedSource was able to provide the correct passwords.
LeakedSource gives subscribers, who pay between $2 a day to $265 a year, access to a site that claims a collection of more than 1.6 billion hacked or leaked records. The are selling MySpace hacked datasets that contain, “an email address, a username, one password and in some cases, a second password,” according to their blog.
While there are over 427 million passwords in the database, there were only over 360 million emails. “Of the 360 million, 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password (some did not have a primary password),” wrote LeakedSource.
Much like the LinkedIn leaked data, the passwords from MySpace were hashed with a weak SHA1 algorithm. Also, the passwords had not been salted, the process by which random bytes are added to the end of a password to make it harder to crack.
Because of this, a LeakedSource operative named Texas88 said they expect to crack 98 to 99% of the passwords by the end of the month.
While MySpace is not as popular as it was a decade ago, it claims to have one billion registered users and reported 50 million unique visitors per month.