U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hundred Million Stolen MySpace Passwords for sale in the darkweb

The hacker Peace is offering for sale hundred Million stolen MySpace Passwords on the black marketplace. This is one of the greatest leaks of ever. A few days ago a hacker with the nickname “Peace” offered for sale on the black market 117 million LinkedIn account credentials. The same hacker is offering for sale 360 million emails and […]

Hundred Million Stolen MySpace Passwords for sale in the darkweb

The hacker Peace is offering for sale hundred Million stolen MySpace Passwords on the black marketplace. This is one of the greatest leaks of ever.

A few days ago a hacker with the nickname “Peace” offered for sale on the black market 117 million LinkedIn account credentials.

The same hacker is offering for sale 360 million emails and passwords of MySpace users, an amazing amount of data, one of the largest password leaks of ever. Peace is offering the precious archive on The Real Deal for 6 Bitcoin (roughly $2,800, the data includes the stolen passwords and emails.

It is still unclear the source of data, but according to the LeakedSource service the archive is related to a past and unreported security breach.

LeakedSource is a search engine capable of searching over 1.6 billion leaked records obtained with the aggregation of data from hundreds of disparate sources.

Stolen records include username, primary password, email address, and for some users a second password.

“MySpace.com was hacked. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data.” states a blog post published by LeakedSource

“This data set contains 360,213,024 records. Each record may contain an email address, a username, one password and in some cases a second password. Of the 360 million, 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password (some did not have a primary password, total is below). “

It seems that MySpace did not respect best practice for password management. The MySpace passwords were stored in SHA1 with no salting. As usual, these data breaches reveal the bad users’ habit in password management, very few passwords were over 10 characters in length and nearly none contained an upper case character.

LeakedSource is expected to crack almost all the MySpace Passwords in the leaked archive in a few days.

top MySpace Passwords

Source LeakedSource

According to MotherBoard, that was one of the first to publish the news, the MySpace Passwords are being circulated in the underground by other hackers as well.

Journalists at Motherboard, tried to verify the authenticity of the leaked MySpace Passwords, they decided to contact Peace to verify a number of account credentials belonging to their staffers.

“Neither Peace nor LeakedSource provided a sample of the hacked data. But Motherboard gave LeakedSource the email addresses of three staffers and two friends who had an account on the site to verify that the data was real. In all five cases, LeakedSource was able to send back their password.” reported Motherboard.

MySpace did not respond to multiple requests for comment, meantime is you are a MySpace user don’t waste time and change your password-

If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.

https://www.surveymonkey.com/r/secbloggerwards2016

Thank you

Pierluigi

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – MySpace passwords, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]