Cybersecurity Insight

Myspace Account Details Stolen in Cyber Attack

1 Jun

Myspace, though mostly forgotten, is not gone – while it has been rendered obsolete by Facebook and other social media behemoths, its user account data still lives and thrives to this day. Unfortunately that also means these accounts are just as vulnerable to cyber attacks as any other website: recently, it was reported that hundreds of millions of Myspace usernames and their attached passwords were put up for sale online. Sound familiar? Last week we wrote about a very similar occurrence with LinkedIn. So, despite Myspace’s slump into Internet oblivion, this current situation begs the question of whether data really loses value as it ages, or if it is preserved in the ether.

Save for its acquisition by Time Inc. (they bought the current social media company’s owner, Viant), Myspace doesn’t have the same street cred as it did back in the day. But that didn’t stop hackers from stealing millions of accounts – anywhere from 360 to 427 Million user accounts are currently for sale online or in the hands of “Peace”, the initiating attacker. Also, it should be noted that “Peace” is the same hacker who infiltrated LinkedIn and put their data up for sale this year.

There are other rather significant commonalities between the LinkedIn and Myspace attacks as well: one, that the stolen data may not be up-to-date, and two, the unsecured password statuses. There isn’t a surefire way to determine which details are current or not, but Myspace is already taking the appropriate steps and alerting as many users as possible to change their passwords and monitor accounts. The passwords were the same format as those from LinkedIn – unsalted SHA-1 passwords – and therefore easier to crack. The password security used at the time was the most advanced available; it has morphed into a much stronger position since then.

Though this is being billed as the largest data breach due to pure volume alone, it is by no means the most detrimental. However, from a company standpoint no one wants to send the dreaded email about a cyber security breach; from a user standpoint, no one wants to receive that message! Cyber security monitoring is key on both the company and user sides – educating everyone from employees to website visitors and beyond will make the user experience safer and keep a company’s cyber security safe and intact.