{"id":8935,"date":"2016-05-31T15:23:06","date_gmt":"2016-05-31T19:23:06","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8935"},"modified":"2016-05-31T15:23:06","modified_gmt":"2016-05-31T19:23:06","slug":"myspace-hack-puts-at-least-360-million-users-at-risk","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/31\/myspace-hack-puts-at-least-360-million-users-at-risk\/","title":{"rendered":"Myspace hack puts at least 360 million users at risk"},"content":{"rendered":"

By Shawn Knight<\/a> | TechSpot<\/a><\/p>\n

Time Inc., which recently acquired pioneering social network Myspace, has confirmed<\/a> reports that the site was hacked. Like the Tumblr breach<\/a> that we reported on yesterday, the compromised Myspace data dates back several years.<\/p>\n

Time said earlier today that it first became aware shortly before Memorial Day weekend that stolen Myspace credentials were being made available in an online hacker forum. The data, which consists of usernames, passwords and e-mail addresses, was apparently swiped from the old Myspace platform \u2013 or in other words, prior to June 11, 2013, when the site was relaunched<\/a> with strengthened security.<\/p>\n

As of writing, Time says it doesn\u2019t appear as though any financial data was compromised. What\u2019s more, the breach does not impact any of Time\u2019s other systems or subscribers.<\/p>\n

Myspace is in the process of notifying affected users and is working with law enforcement in hopes of figuring out who was behind the attack. The site has also wiped all of the passwords of impacted users so at the very least, the data can\u2019t be used to log into Myspace.<\/p>\n

This is the second major security breach to surface this week in which the theft of data took place years earlier. Dated breaches like this may seem like less of a concern given their age but in fact, they present some unique challenges.<\/p>\n

With data this old, it\u2019s entirely possible that it has already been picked through before being made available on the black market. Furthermore, people weren\u2019t quite as concerned with security and privacy in early 2013 as they are today meaning passwords<\/a> were probably a bit less complex on average. Using the same password across multiple sites was also more common back then and it\u2019s entirely possible that some haven\u2019t gone back and changed passwords for older accounts they might not use as often these days, like Myspace.<\/p>\n

The only real silver lining here is that yes, the data is old and is less likely to be up-to-date.<\/p>\n

In a post on Myspace\u2019s blog<\/a>, the site says it suspects Russian hacker \u201cPeace\u201d is responsible for the attack, the same person that recently posted LinkedIn and Tumblr data on the underground market.<\/p>\n

Neither Time nor Myspace would say how many accounts were compromised although a report from LeakedSource<\/a> says the data set contains a whopping 360,213,024 records. Each \u201crecord\u201d may contain a username, e-mail address, password and in some cases, a second password. The site notes that more than 68 million records had a second password attached.<\/p>\n

The publication further reports that passwords were hashed and stored using SHA1 encryption without salting. As you may know, salting is a technique that makes it much more difficult to crack passwords. Worse yet, LeakedSource reports that very few passwords were over 10 characters in length and nearly none of them contained an upper case letter, making them even easier to decrypt.<\/p>\n","protected":false},"excerpt":{"rendered":"

By Shawn Knight | TechSpot Time Inc., which recently acquired pioneering social network Myspace, has confirmed reports that the site […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,8],"tags":[450,729],"class_list":["post-8935","post","type-post","status-publish","format-standard","hentry","category-security","category-social-media","tag-hack","tag-myspace"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-2k7","jetpack-related-posts":[{"id":9031,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/09\/24\/heres-what-you-should-know-and-do-about-the-yahoo-breach\/","url_meta":{"origin":8935,"position":0},"title":"Here’s what you should know, and do, about the Yahoo breach","author":"NCCT","date":"September 24, 2016","format":false,"excerpt":"By Lucian Constantin | IDG News Service | PCWorld Yahoo\u2019s announcement that state-sponsored hackers have stolen the details of at least 500 million accounts shocks both through scale\u2014it\u2019s the largest data breach ever\u2014and the potential security implications for users. That\u2019s because Yahoo, unlike MySpace, LinkedIn and other online services that\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7040,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/04\/sony-pictures-hack-gets-uglier-north-korea-wont-deny-responsibility-updated\/","url_meta":{"origin":8935,"position":1},"title":"Sony Pictures hack gets uglier; North Korea won\u2019t deny responsibility [Updated]","author":"NCCT","date":"December 4, 2014","format":false,"excerpt":"More evidence has emerged that makes the Sony Pictures hack look similar to a suspected attack on South Korean companies over a year ago. And a spokesperson for the North Korean government, rather than denying his country\u2019s involvement, is playing coy as the damage to Sony appears to be growing\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8413,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/06\/16\/us-fears-second-major-breach-exposed-more-employee-data\/","url_meta":{"origin":8935,"position":2},"title":"US fears second major breach exposed more employee data","author":"NCCT","date":"June 16, 2015","format":false,"excerpt":"A second major cyber breach that might reveal far more personal and damaging information appears to have hit the U.S. government\u2019s Office of Personnel Management (OPM). The breach was apparently carried out by hackers with connections to China and targeted a database containing copies of the government\u2019s Standard Form 86,\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8626,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/09\/16\/report-new-hack-lets-an-attacker-bypass-password-locked-android-home-screens-2\/","url_meta":{"origin":8935,"position":3},"title":"Report: New hack lets an attacker bypass password-locked Android home screens","author":"NCCT","date":"September 16, 2015","format":false,"excerpt":"If no one has been able to convince you to take your device\u2019s security seriously, perhaps this hack will do it. A video uncovered by Ars Technica shows someone able to use the emergency call access to gain entry to a locked phone, even though it\u2019s protected with a password.\u2026","rel":"","context":"In "Hardware"","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/J-pFCXEqB7A\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3235,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/21\/how-easy-is-it-to-hack-javascript-in-a-browser\/","url_meta":{"origin":8935,"position":4},"title":"How easy is it to hack JavaScript in a browser?","author":"NCCT","date":"August 21, 2013","format":false,"excerpt":"This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites. Jesus Rodriguez asks: My question has to do with JavaScript security. Imagine an auth system where you're using a\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5625,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/29\/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns\/","url_meta":{"origin":8935,"position":5},"title":"\u201cTrueCrypt is not secure,\u201d official SourceForge page abruptly warns","author":"NCCT","date":"May 29, 2014","format":false,"excerpt":"One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn't safe to use. \"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,\" text in red at the top\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8935","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8935"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8935\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}