Shortly before Memorial Day weekend in May, 2016, MySpace (yes, it does still exist), became aware that its user login data was being made available in an online hacker forum without authorization.
Time Inc. (NYSE:TIME), the current owner of MySpace.com, later confirmed that indeed the once-popular social media site was hacked and its user data breached.
That’s right, not only does MySpace still exist, but the once hugely popular social network that is now a music marketing platform was targeted by hackers and has suffered a data breach!
The data stolen included user login details from accounts that were created prior to June 11, 2013 — on the old MySpace platform. This means even if you haven’t used MySpace in years, you still could be at risk.
It may be difficult to remember now, but MySpace — one of the first social media sites, founded in 2003 by Chris DeWolfe and Tom Anderson — was actually very popular in its heydays. This is evidenced by the amount of user data thought compromised. The compromised data was reportedly obtained from what could be more than 360 million MySpace accounts — 111,341,258 of which have an associated username.
Fortunately, There is No Financial Information Involved
“As you know, Myspace does not collect, use or store any credit card information or user financial information of any kind. No user financial information was therefore involved in this incident; the only information exposed was users’ email address and MySpace username and password,” said MySpace in a blog announcing the hack.
MySpace user records are apparently valuable. Chris Vanderhook, CEO of Viant Technologies, which bought MySpace from Rupert Murdoch’s News Corporation in 2005 for $580 million before Viant itself was acquired by TIME Inc., has said in the past that Viant used Myspace’s user data files to attract marketers who look for demographic, geographic and other information they can use to target prospects. It is this targeting ability that attracted TIME.
MySpace believes the data breach was carried out by Russian Cyberhacker ‘Peace.’ This is the same individual who is thought to be responsible for other recent criminal attacks, such as the high profile data breach on LinkedIn and Tumblr. Peace reportedly claimed on the paid hacker search engine LeakedSource that the MySpace data is from a past breach.
Alarming Trend of Social Media Data Breaches
In 2012, a high profile data breach blighted LinkedIn. More recently in May 2016, data dumps containing the email addresses and passwords of more than 100 million of the site’s users surfaced online.
Around the same time in May, Tumblr also revealed it had learned of a breach of email addresses and passwords from 2013 — before Yahoo bought the site. Although Tumblr wouldn’t confirm the scale of the breach, Motherboard reported that the hackers stole 65 million passwords and emails from the site.
MySpace says it has increased its security significantly since 2013, so current users shouldn’t have to worry too much. Specifically, the site is using “double salted hashes,” which make it much harder to crack passwords even if they’ve been breached.
But you should double-check all your social media accounts just to make sure they’re secure.
Secure Your Passwords
Interestingly, a chart on LeakedSource shows that many of the passwords that people used on MySpace are the kinds of common signins people are urged never to use. These include passwords like: “password1,” “abc123,” “123456” and even “myspace1.” The most used password was “homelsspa,” which was used over 855,000 times. It goes without saying that you should make all your passwords less predictable.
The bigger worry, though, is that if you use the same MySpace username and password combination on other sites today as you did for social networking back in 2007, you are vulnerable. Even though MySpace says it has invalidated user passwords for all affected accounts and is monitoring for suspicious activity that might occur, you should reset your password immediately.
Users returning to Myspace will be prompted to authenticate their account and to reset their password. If you joined MySpace after its 2013 re-launch as an entertainment-focused site, you should be clear.