Saturday, 28 May 2016

IDG: There is a maxim repeated often in the network security field: companies come in two kinds, those that have been hacked and those that do not know they have been attacked.
Social media giant MySpace clearly belongs to the second kind. The hacker who last week was still selling the data of more than 164 million LinkedIn users now claims, this week, to have obtained the e-mail addresses and passwords of 360 million MySpace users. If true, this will be the largest password breach in history. Moreover, the data appears to have already been circulating among other hackers.
It is unknown when the hacker, who goes by the name Peace, stole the data from MySpace, but the hacker and an operator of LeakedSource (a paid search engine for breached data) say the same thing, and the latter said there is evidence that the data loss was caused by a past vulnerability that was never reported.
Neither Peace nor LeakedSource provided samples of the stolen data. To verify that the leaked data is genuine, Motherboard submitted to LeakedSource the e-mail addresses that three of its employees and two friends of employees had registered with MySpace, and LeakedSource correctly returned the password for each address.
LeakedSource announced the leak in a blog post on Friday. The data set has 427,484,128 passwords but only 360,213,024 e-mail addresses. The post also said that each record in the data set contains "an email address, a user name, a password, and in some cases also a backup password".
"Of these 360 million e-mail addresses, 111,341,258 accounts have a user name attached, and 68,493,651 accounts have an alternate password (some of which did not have a first password set)," LeakedSource wrote. LeakedSource users can pay $2 a day or $265 per year to log in to the website and browse what the company claims are more than 1.6 billion breached or compromised data records.
The post said the data was provided by someone using the alias Tessa88, but in an interview with Motherboard, a person who operates the site said they do not know the true source of the leaked data: who first stole it from MySpace, who has held the data since then, or when the company was attacked. But the data was destined to leak eventually, they said.
"This is the nature of information: 'Three people cannot keep a secret unless two of them are dead'" (a saying of Benjamin Franklin), the operator told me in an online chat. "Once the data has been traded several times, it will eventually reach the hands of an untrustworthy person, and then it will flood out like crazy."
MySpace received multiple requests for comment but did not respond.
LeakedSource also wrote that the passwords were originally hashed with SHA1, an algorithm that is considered weak and easy to crack. Worse, the company did not "salt" the passwords when hashing them; that is, it did not append a string of random bytes to the end of each password before hashing to make the hashes harder to crack.
So the LeakedSource operator told me that they expect to eventually crack 98% to 99% of the passwords, although the operator declined to disclose how many have been cracked so far.
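The storage weakness described above, shown next to a hardened form. This is an added example, not code from MySpace, LeakedSource or the original article; the account list, function names and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data): three users share one password.
ACCOUNTS = {
    "alice@example.com": "sunshine1",
    "bob@example.com": "sunshine1",
    "carol@example.com": "sunshine1",
    "dave@example.com": "T7#rq-wobble-41",
}
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware

def unsalted_sha1(password: str) -> str:
    """The weak scheme from the article: one fast hash, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def salted_record(password: str) -> dict:
    """Hardened form: a random per-user salt fed into a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "hash": digest}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])

def largest_shared_group(stored_hashes) -> int:
    """Size of the biggest set of accounts whose stored hashes are identical."""
    return max(Counter(stored_hashes).values())

def compare_schemes() -> dict:
    weak = [unsalted_sha1(p) for p in ACCOUNTS.values()]
    strong = {user: salted_record(p) for user, p in ACCOUNTS.items()}
    return {
        # Unsalted: equal passwords give equal hashes, so one guess covers 3 rows.
        "weak_shared": largest_shared_group(weak),
        # Salted: every row is unique, so each account costs a separate slow guess.
        "strong_shared": largest_shared_group(r["hash"] for r in strong.values()),
        "verify_ok": verify("sunshine1", strong["bob@example.com"]),
        "verify_bad": verify("sunshine2", strong["bob@example.com"]),
    }

if __name__ == "__main__":
    print(compare_schemes())
```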
Ten years ago, MySpace was one of the largest sites on the Internet; now the social network is left with little more than its name and a very serious security problem. The site recently boasted that its registered users had crossed the 1 billion threshold, but according to a report last year it has only 50 million monthly unique visitors.
If all the data is correct, this will be the largest data theft ever. More importantly, it shows that MySpace was attacked at some point, and that the company either never discovered the incident or never disclosed it publicly. If all the data really comes from MySpace, it will be the largest e-mail and password leak on record and will top the list on the breach-awareness website Have I Been Pwned.
Users are therefore at risk, even those with abandoned or dormant accounts, because those accounts may still contain personal data that can be used in other attacks. If you have a MySpace account, you should change its password. Most importantly, if you use the same password on other, more sensitive services, change it there immediately. Also consider using a password manager such as LastPass or 1Password, so that you can use a unique, strong password on each site.
Update, 17:01 Eastern Time: On Friday afternoon, the hacker going by the name Peace put the account passwords and other data stolen from MySpace up for sale on the black market site The Real Deal, asking 6 bitcoins (approximately $2,800).
"I'm going to sell them before some fool spreads this information around," Peace told me in an online chat.

