Data pinched from around 360 million MySpace accounts is up for sale online, according to recent reports. The information can be purchased on criminal forums and is being sold by “Peace”, the hacker who sold credentials for 165 million LinkedIn accounts this month. Leakedsource.com, a service that allows users to check their credentials against stolen data sets, wrote in a blog that the information may contain an email address, a username, and one password and in some cases a second password. Further, Leakedsource.com also stated that of the 360 million records stolen 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password. In addition, it was also pointed out that the methods that MySpace used for storing passwords are against the proposed Internet standard. Very weak passwords and encryption methods were used, which make up easier for people to decrypt it.
Naked Security Sophos
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street