Myspace — remember Myspace? — has had a major data breach:
“Shortly before the Memorial Day weekend, we became aware that stolen Myspace user login data was being made available in an online hacker forum,” the site wrote in a blog post. The breach occurred on June 11, 2013, and affects a portion of accounts created on the old Myspace platform.
Myspace did not reveal how many accounts were affected, but LeakedSource, a search engine for leaked records, which claims to have obtained a copy of the stolen information, said the data set includes 360,213,024 records. Each record may contain an email address, username, one password, and in some cases a second password; no financial information was involved.
I have received the following notification from Myspace (note it’s no longer BiCapitalized) HQ:
Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk. As you know, Myspace does not collect, use or store any credit card information or user financial information of any kind. No user financial information was therefore involved in this incident; the only information exposed was users’ email address and Myspace username and password.
In order to protect our users, we have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old Myspace platform. These users returning to Myspace will be prompted to authenticate their account and to reset their password.
As a test, I duly attempted to log back in, and was so prompted. Password has now been reset.
The LeakedSource page on this breach lists the top 50 passwords, some of which were used by literally thousands of people. I’m pretty sure no one else was using mine.