MySpace, a popular social network in the music industry, is the latest subject in a growing list of user information leaks. This latest pool of data includes email addresses, one or more passwords and a username.

Over 427 million passwords are included in the data set, with 360 million email addresses. The discrepancy is caused by some accounts having a secondary password. Passwords were hashed with the SHA-1 algorithm, which is a compromised and insecure cryptographic function; the passwords were not salted.

Along with the lack of secure methods being used to store passwords, many users did not use secure passwords, as they did not contain uppercase letters or were less than 10 characters in length, making it easier to guess the password, through a method known as brute-force. Here's a selection of just some of the top passwords used:

homelesspa - 855,478 uses
password1 - 585,503 uses
abc123 - 569,825 uses

The data is believed to have come from an old breach, that went unreported and undetected. It is on sale in the online underground for $2,800. The information was discovered by LeakedSource, who conducted several online deep-searches and followed-up rumours of data being traded on the dark web.

Posted: May 29, 2016 8:12 pm
Related Forum: PC General Forum

Source: http://www.neowin.net/news/427-million-myspace-passwords-leaked-online-in-breach