You would probably rather forget your Myspace profile. Mine included a number of prominently placed “My spoon is too big” references. But the social network is still around, and it apparently got hacked at some point, because user credentials from 360 million accounts started floating around online late last week. Whoops.
Myspace said in a statement Tuesday that "[e]mail addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk." It's a rare opportunity for celebration among the social network's late adopters.
Motherboard reported Friday that the hacker known as "Peace" was selling the credentials for 6 bitcoin or about $3,000. The data search engine LeakedSource also has access to the trove and released a searchable version on Tuesday. The group says that the data contains 360,213,024 user records, but 427,484,128 passwords because some users had secondary passwords. Large breaches typically affect tens of millions of people, not hundreds of millions.
Myspace isn't the only company dealing with a delayed leak lately. Both Tumblr and LinkedIn recently announced ongoing repruccussions from hacks that occurred years ago. And Peace was also the one hawking the LinkedIn data. Security researcher Troy Hunt wrote in a blog post on Monday:
If this indeed is a trend, where does it end? What more is in store that we haven't already seen? And for that matter, even if these events don't all correlate to the same source and we're merely looking at coincidental timing of releases, how many more are there in the "mega" category that are simply sitting there in the clutches of various unknown parties?
So what should you do? Myspace says it reset passwords that haven't changed since before 2013 and that it is cooperating with law enforcement. It adds, "if you use passwords that are the same or similar to your Myspace password on other online services, we recommend you set new passwords on those accounts immediately." Because we all totally remember what our Myspace passwords were a decade ago. Uh-huh.
LeakedSource has your back. It wrote, "Until MySpace responds to our attempts to contact them, we are going to display only the first few characters of plaintext passwords if available so users can verify which password of theirs was leaked." If you're worried that you're still using your old Myspace password on other accounts, now is the time to make some (strong, randomized) changes to your credentials.