MySpace, which does still exist, suffered a data breach, which its current owner, Time Inc., confirmed on Tuesday. The exact number of user accounts included in the batch that surfaced in an online hacker forum wasn’t confirmed by the company, but it could include over 300 million.
This is just the latest database breach to affect millions with online accounts and is a reminder that accounts should be deleted when you stop using them or make sure you have great passwords. Here’s what you need to know about this latest security breach.
1. Data Comes From 2013
Time Inc. confirmed that the data comes comes from prior to June 2013, when MySpace was relaunched and more security features were added. The data includes usernames, email addresses and passwords. Since Time Inc. didn’t become MySpace’s owner until earlier this year, no other Time Inc. sites were affected.
MySpace is notifying affected users and already working with authorities. Time Inc. said that passwords for all the affected users were already invalidated.
Time Inc. CFO and Executive VP Jeff Bairstow said in a statement that the company’s “information security and privacy teams are doing everything we can to support the Myspace team.”
2. Over 360 Million Accounts Were Included in Data Set
Leaked Source, a site that has millions of searchable records, reports that the MySpace data set includes 360.2 million records. Of those, 111.3 million accounts had usernames, while 68.5 million had a secondary password. That means that there were more passwords than users. According to the site, there were 427.5 million total passwords in the data set.
A chart on Leaked Source revealed that many of the passwords used are the commonly used passwords that people shouldn’t use. This includes “password1,” “abc123,” “123456” and even “myspace1.” The most-used password was “homelsspa,” which was used over 855,000 times.
“@Yahoo.com” was the most common email domain name, showing up 126 million times. “@hotmail.com” came in a distant second with 79.7 million.
3. Could Be The Largest Data Breach of All Time
As TechCrunch points out, the blog Sophos suggests that this might be the biggest data breach of all time. It’s much bigger than the 117 LinkedIn passwords and emails that leaked last month from the 2012 LinkedIn hack and more than the 2013 Target hack that affected 70-110 million customers.
The scale of the data breach shows just how popular MySpace was at its height. However, by 2011, it was losing 10 million users a month. In 2010, the site had 95 million active users, notes The Telegraph.
4. MySpace Isn’t the Only Social Network Dealing With Leaks This Week
In addition to checking out your old MySpace account, be sure to secure your Tumblr data as well if you have been using the blogging social network for several years. On May 12, Tumblr revealed that it learned of a breach of email addresses and passwords from 2013, before Yahoo bought the site.
Motherboard reports that the hack affected 65 million accounts with passwords and emails. Tumblr wouldn’t confirm that data. A hacker told Motherboard that the data wasn’t worth much to him though, because Tumblr “salted” the passwords, making the list just a collection of emails.
5. Make Sure Your Passwords Are Strong
This goes without saying and the leak of data from MySpace and Tumblr should be a good reminder. Always make sure you have strong passwords and never – ever – use the same password at multiple sites. The list of passwords used by MySpace users shows that making passwords personal, as in something that only you can remember, is a must.
ConnectStafely.org notes that passwords should always be at least right characters long and include a capital letter and symbol. Another idea is to make sure you don’t use dictionary words and that it isn’t a word someone could easily guess just by looking at your social network pages.