Monday, 30 May 2016

On 02:20 by admin   No comments
The hacker Peace is offering for sale hundred Million stolen MySpace Passwords on the black marketplace. This is one of the greatest leaks of ever.

A few days ago a hacker with the nickname “Peace” offered for sale on the black market 117 million LinkedIn account credentials.

The same hacker is offering for sale 360 million emails and passwords of MySpace users, an amazing amount of data, one of the largest password leaks of ever. Peace is offering the precious archive on The Real Deal for 6 Bitcoin (roughly $2,800, the data includes the stolen passwords and emails.

It is still unclear the source of data, but according to the LeakedSource service the archive is related to a past and unreported security breach.

LeakedSource is a search engine capable of searching over 1.6 billion leaked records obtained with the aggregation of data from hundreds of disparate sources.

Stolen records include username, primary password, email address, and for some users a second password.

“MySpace.com was hacked. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data.” states a blog post published by LeakedSource

“This data set contains 360,213,024 records. Each record may contain an email address, a username, one password and in some cases a second password. Of the 360 million, 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password (some did not have a primary password, total is below). “

It seems that MySpace did not respect best practice for password management. The MySpace passwords were stored in SHA1 with no salting. As usual, these data breaches reveal the bad users’ habit in password management, very few passwords were over 10 characters in length and nearly none contained an upper case character.

0 comments:

Post a comment