The Reason Your Myspace Account Is Back From the Dead

Bad news if you were hoping to keep your Myspace page behind you — hacked details of 360.2 million Myspace accounts are being advertised for sale online, according to a BBC report.

What was leaked.

LeakedSource — a site that offers free basic searches of hacked data, and sells more detailed searches via a paid subscription — announced the cybersecurity breach in a Friday blog post.​

The leak reportedly consisted of a database of 360,213,024 million emails and 427,484,128 passwords. Each item contained “an email address, a username, one password and in some cases a second password,” LeakedSource wrote.

Motherboard gave LeakedSource the email addresses of five people — three staff members and two friends with Myspace accounts — and the site provided their accurate passwords, in effect confirming the veracity of the database.

The most leaked passwords.

Most of the passwords contained in the database were ten or fewer characters long, and they did not contain any upper-case characters, "which makes it much easier for people to decrypt," LeakedSource noted.

Eight-hundred and fifty-five thousand of the leaked passwords were the automatically generated password "homelesspa." The top 40 most popular of the leaked passwords included choices like "password1," "jesus1," "love123," "fuckyou1,"asshole1," and "blink182." You can read the full list on LeakedSource.

The hacker behind the leak is known as Peace and is also one of the operators of the LeakedSource site, according to Motherboard.

"It’s unclear when the data was stolen from Myspace," Motherboard reported.

Your dead social media accounts and other logins may be haunting you.

I searched my own email on LeakedSource, which revealed that my data was hacked twice in 2013 — through Tumblr and the Adobe database, according to the site.

A similar breach to Tumblr was reported in May 2016, and the leak resulted in a data dump of over 65 million Tumblr users email addresses and passwords, according to the BBC.

On Tuesday, Myspace released a statement addressing the leak.

"We have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old Myspace platform," the social network said in a statement.

"Myspace is also using automated tools to attempt to identify and block any suspicious activity that might occur on Myspace accounts," the statement continued.

The site also said that it had reported the incident to law enforcement and had taken "significant steps to strengthen account security" during the site's summer 2013 relaunch.

The statement continued:

"The compromised data is related to the period before those measures were implemented. We are currently utilizing advanced protocols including double salted hashes (random data that is used as an additional input to a one-way function that 'hashes' a password or passphrase) to store passwords. Myspace has taken additional security steps in light of the recent report."

The passwords included in the Myspace leak were reportedly not encrypted with salting — a way of translating passwords into code that uses additional characters to make them more secure, Techopedia explains.

The best way to prevent your information from getting leaked? Stop reusing your passwords.

Though a social network's security protocol — i.e. Myspace's salting practices — is not in your control, your password is, and certain passwords were clearly more susceptible to the hack than others.

"It all comes back to whether they've been following good password practices or not," security researcher Troy Hunt told the BBC.

"If they've reused passwords across multiple services — and remember, these breaches date back several years so they need to recall their practices back then — then they may well have other accounts at risk too," Hunt added.

[h/t Mic]