Once a social media giant, MySpace was apparently hacked and the data of over 360 million MySpace accounts is being now sold on the black market.
The breached records include email address, a username, one password and in some cases a second password.
Most of us stick to a password that we can remember and use it everywhere. Even if it’s a “secure” password by today’s standards (random letters, numbers, symbols, long, etc.) the problem is that if that password is ever hacked or exposed there is nothing to stop the hacker/thief from trying it in other places such as your Amazon, Ebay, and banking accounts.
Changing passwords frequently, not using similar passwords, and/or using password managers such as LastPass or 1Password can help keep your accounts safe.
I strongly advise users who tend to reuse the same passwords between sites to set new passwords on those websites immediately.
MySpace Announcement 6/13/2016
Notice of Data Breach
You may have heard reports recently about a security incident involving Myspace. We would like to make sure you have the facts about what happened, what information was involved and the steps we are taking to protect your information.
Shortly before the Memorial Day weekend (late May 2016), we became aware that stolen Myspace user login data was being made available in an online hacker forum. The data stolen included user login data from a portion of accounts that were created prior to June 11, 2013 on the old Myspace platform.
We believe the data breach is attributed to Russian Cyberhacker ‘Peace.’ This same individual is responsible for other recent criminal attacks such as those on LinkedIn and Tumblr, and has claimed on the paid hacker search engine LeakedSource that the data is from a past breach. This is an ongoing investigation, and we will share more information as it becomes available.
What Information Was Involved?
Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk. As you know, Myspace does not collect, use or store any credit card information or user financial information of any kind. No user financial information was therefore involved in this incident; the only information exposed was users’ email address and Myspace username and password.
What We Are Doing
In order to protect our users, we have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old Myspace platform. These users returning to Myspace will be prompted to authenticate their account and to reset their password by following instructions at https://myspace.com/forgotpassword
Myspace is also using automated tools to attempt to identify and block any suspicious activity that might occur on Myspace accounts.
We have also reported the incident to law enforcement authorities and are cooperating to investigate and pursue this criminal act. As part of the major site re-launch in the summer of 2013, Myspace took significant steps to strengthen account security. The compromised data is related to the period before those measures were implemented. We are currently utilizing advanced protocols including double salted hashes (random data that is used as an additional input to a one-way function that “hashes” a password or passphrase) to store passwords. Myspace has taken additional security steps in light of the recent report.
What You Can Do
We have several dedicated teams working diligently to ensure that the information our members entrust to Myspace remains secure. Importantly, if you use passwords that are the same or similar to your Myspace password on other online services, we recommend you set new passwords on those accounts immediately.