MySpace confirms data stolen from 360 million accounts in hack

Social media platform MySpace has confirmed that account information was stolen in a hack. The company won’t say how much, but the leaked database contains data from 360 million accounts. MySpace states that the hack took place before June 2013.

The MySpace blog post states that only accounts created before that time are affected, but offers no further information on the exact time of the hack. Researcher Troy Hunt, who has written extensively about the recent hacks of LinkedIn and Tumblr, among others, assumes, based on an analysis of the leaked email addresses, that this is somewhere between the summer of 2008 and the beginning of 2009. He conducted an analysis of the popularity of various email providers, assisted by MySpace users.

The leaked data concerns 360 million accounts, of which 427 million passwords, because some accounts had more passwords. It also concerns 111 million usernames. The passwords were hashed using the sha1 algorithm and not salted. This was also the case with the LinkedIn hack. Also, the MySpace data was provided by the same person who sold the LinkedIn and Tumblr data. He is known only as ‘Peace’. MySpace states in its blog that this person is actually the ‘Russian cyber hacker’ who carried out the hack, but provides no further substantiation.

The MySpace data is now available on Hunt’s ‘have I been pwned’ site, where users can check whether their data has been stolen. The MySpace data is currently the largest database on the site, putting the LinkedIn hack in first place. MySpace has reset the passwords of the affected accounts.