360 Million MySpace Accounts Reportedly Hacked

UPDATED May 31, 2016 with comment from MySpace.

Data stolen from an estimated 360 million MySpace accounts is reportedly for sale in online criminal forums, though, judging by the most commonly used passwords in the data set, the set may be pretty old.

Credit: Nirut Rupkham/Shutterstock

(Image credit: Nirut Rupkham/Shutterstock)

Vice Motherboard's Lorenzo Franceschi-Bicchierai said the data set was being sold by "Peace," the same person who sold credentials for 165 million LinkedIn accounts last week. LeakedSource.com, a website that lets people check their own credentials against stolen data sets, sometimes for a price, said it has added the MySpace account data to its service.

If you ever had a MySpace account, and you used the same username and password for other accounts, change the passwords on those accounts now and make the new passwords strong. If you still care about your MySpace account, then change that password too.

MORE: What to Do After a Data Breach

Launched in 2003, MySpace was the dominant social-networking website in the world from about 2005 to 2009, when it was eclipsed by Facebook. It's not clear how many registered users MySpace has had, but its owners in January 2015 told The Wall Street Journal that the number then was "over a billion."

Tom's Guide has reached out to MySpace for comment, and we will update this story when we receive a response.

LeakedSource.com said that among the stolen MySpace data were 427 million passwords, as some accounts had more than one password. The stored passwords had been "hashed," or mathematically scrambled, for security purposes, but in a way that is now often reversible.

A list of the most common MySpace passwords compiled by LeakedSource.com includes some throwbacks. No. 23, with 81,028 entries is "jordan23", a reference to NBA star Michael Jordan and his Chicago Bulls uniform number. No. 31 is "blink182", the name of the punk-pop band whose biggest hits were in the late 1990s. No. 55 is "50cent", the rapper whose first album came out in 2003.

None of the most common passwords refer to any later cultural phenomenon, though a couple are mysterious. The most common password of all, with 855,478 entries, is "homelesspa", which LeakedSource thinks was used by a set of automatically generated accounts. Also popular is "29rsavoy", with 71,551 users.

MySpace was famously bought by News Corporation for $580 million as it was ramping up its user base. Six years later, well past its prime, it was sold for $35 million to a media company and pop star Justin Timberlake and repurposed into a music-oriented website. In February 2016, Time Inc. bought the site for an undisclosed amount.

UPDATE: MySpace responded to our query on Tues., May 31, directing us to a company blog posting.

"Email addresses, MySpace usernames, and MySpace passwords for the affected MySpace accounts created prior to June 11, 2013 on the old MySpace platform are at risk," the posting read in part. "We have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old MySpace platform. These users returning to MySpace will be prompted to authenticate their account and to reset their password by following instructions at https://myspace.com/forgotpassword."

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.