Remember MySpace? If you joined it before, you will want to revisit it quickly

Over 360 million records are said to have been leaked, which would make it one of the biggest leaks of passwords ever.

Image: AP Photo/Mark Lennihan

MYSPACE MIGHT NOT have been relevant for a number of years now, and relaunches and changes of ownership have not helped matters, but it’s back for the wrong reasons.

LeakedSource, the same company which compiled a database of the most used passwords gathered from the LinkedIn hack, has compiled another database with leaked MySpace passwords.

If the data is accurate, it would be one of the largest password leaks to happen with more than 360 million records in the database. It is not known when this breach happened, but it likely happened a few years back.

Why is such an old website relevant now? It’s because if you had an account with it, chances are it’s linked to your current email address, and if you think password standards now aren’t great, the ones used back in 2008 were even worse, according to LeakedSource.

The methods MySpace used for storing passwords are not what internet standards propose and is very weak encryption… we noticed that very few passwords were over 10 characters in length (in the thousands) and nearly none contained an upper case character which makes it much easier for people to decrypt.

The other noticeable factor was the number of accounts with the password ‘homelesspa’, which is assumed to be automatically generated as all the emails that used it followed the same format.

Apart from that, the list of popular bad passwords shared a lot of similarities with other lists. The likes of ‘password1’, ‘abc123’, ‘123456’ and ‘myspace1’ topped the list while ‘’ was the most popular email domain used with 126 million accounts using it.

According to Vice Motherboard, a hacker named Peace has put the data up for sale for the price of six bitcoins (roughly €2,928) on the darknet. The hacker also did the same thing with LinkedIn data which was leaked recently.

‘Mega breaches’

Another site that has fallen victim to the same problem is Tumblr, where 65 million accounts have been discovered for sale on the darknet.

The database includes email accounts and passwords, but unlike MySpace, the measures Tumblr took to protect its passwords mean it will be incredibly difficult to crack them.

Tumblr is another site said to be hacked with data already on sale on the darknet. Source: AP Photo/Mark Lennihan

All passwords were ‘hashed’, a process where a password is turned into a different string of digits, and ‘salted’, which adds a random string to a password before it’s hashed.
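An added illustration, not from the article or from either site, of what the salting described above changes for a defender: without a salt, every account sharing a password such as ‘homelesspa’ stores the same value, so repeats stand out in a leaked table; with a per-user salt they do not. The SHA-1 and PBKDF2 choices, the iteration count and the sample accounts are assumptions, since the article does not say which algorithms either site used.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; the passwords are ones the article names.
ACCOUNTS = [
    ("a@example.com", "homelesspa"),
    ("b@example.com", "homelesspa"),
    ("c@example.com", "password1"),
    ("d@example.com", "homelesspa"),
]

ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_digest(password):
    """Weak storage (assumed scheme): one fast hash, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_record(password, salt=None):
    """Stronger storage: per-user random salt fed into a slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_record(password, salt)[1], digest)


def largest_duplicate_group(stored_values):
    """Size of the biggest set of accounts sharing one stored value."""
    return max(Counter(stored_values).values())


def compare_schemes(accounts=ACCOUNTS):
    """Return (unsalted, salted) duplicate-group sizes for the same accounts."""
    unsalted = [unsalted_digest(p) for _, p in accounts]
    salted = [salted_record(p)[1] for _, p in accounts]
    return largest_duplicate_group(unsalted), largest_duplicate_group(salted)


if __name__ == "__main__":
    print("largest shared value (unsalted, salted):", compare_schemes())
```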

Security researcher Troy Hunt, who runs haveibeenpwned (HIBP), a service which keeps a record of database breaches and notifies those affected, said there was a trend of old breaches only emerging now and that it could mark the beginning of ‘mega breaches’ being revealed.

“This data has been lying dormant (or at least out of public sight) for long periods of time,” he said in a blog post. “And these four breaches (LinkedIn, Flirt, Tumblr and MySpace) are all in the top five largest ones HIBP has ever seen. That’s out of 109 breaches to date, too”.

If this indeed is a trend, where does it end? What more is in store that we haven’t already seen? And for that matter, even if these events don’t all correlate to the same source and we’re merely looking at coincidental timing of releases, how many more are there in the ‘mega’ category that are simply sitting there in the clutches of various unknown parties?

About the author:

Quinton O'Reilly