The one time popular social network is currently at the centre of a huge security breach after hundreds of millions of user account details from MySpace and Tumblr appeared for sale online.
The logins were reportedly stolen several years ago but have only now been made public after they were discovered for sale on the Dark Web.
The 360.3 million MySpace account details, which amounts to 33GB of data, contains email addresses, usernames and passwords and is believed to have been stolen between 2008 and 2009.
MySpace, which is now owned by Time Inc, acknowledged the security breach in a statement released on Tuesday.
Before Facebook rocketed in popularity in 2008, MySpace was the world’s most popular social network, and at its peak had more than 76 million active users each month.
While it is likely that many of those accounts are now dormant, this data leak could still potentially put millions of users at risk, especially if people have used the same email address and passwords for other online accounts, such as other social media accounts, email or online banking and shopping sites.
Cyber criminals may try and specifically target the leaked emails in order to carry out phishing or ransomware attacks.
RELATED: How to create a strong password
The leaked data was discovered for sale on an online hacker forum called The Real Deal by LeakedSource, a website that collects and analyzes leaked credentials.
After assessing the leaked data, a researcher said: “We noticed that very few passwords were over 10 characters in length [in the thousands]and nearly none contained an upper-case character, which makes it much easier for people to decrypt.”
The researcher added that the many passwords in the breached data were very weak. For example, ‘password1’ was used in 585,503 instances, ‘123456’ was used in 487,945 instances, ‘myspace1’ used 276,915 instances and ‘abc123’ used in 569,825.
The data leaked from the MySpace hack was for sale for approximately 100,000 baht and was posted online by a user with the username of ‘Peace’. This same username, reported to be from a Russian hacker, posted data of 117 million LinkedIn accounts earlier this month.
“We take the security and privacy of customer data and information extremely seriously—especially in an age when malicious hackers are increasingly sophisticated and breaches across all industries have become all too common,” said Jeff Bairstow, Time Inc.’s chief financial officer.
“Our information security and privacy teams are doing everything we can to support the Myspace team”, he added.