In what appears to be a record breaking breach, the information exposed when MySpace was hacked in 2013 has finally been publicly documented by website LeakedSource as containing nearly half a billion passwords for 360 million accounts, dwarfing previous breaches like the US Voter Database Breach (190M), Ebay (145M) and Global Payments (130M). What makes this breach particularly egregious is the fact that MySpace was storing this data with very weak encryption (SHA1) and no “salting” (an encryption technique to add complexity and randomness to each stored password), resulting in a massive password source for hackers and identity thieves.
What this means for you:
Numerically speaking, the odds are at least one of your passwords (present or past) has been compromised and is likely to be found in either LeakedSource’s or Have I Been Pwned’s databases, both of whom offer a simple lookup tool to check to see if your password or passwords have been exposed in any of the numerous breaches that have occurred over the past few years. Depending on how diligent you have been in keeping unique passwords or at least changing them, if a search turns up positive on either site, and you are still using that same password or a similar one with minor changes, you should go out and change it immediately. Additionally, if it’s available, you should be using 2-factor authentication to secure any important online accounts, especially email. Lastly, stop using the same password everywhere. It’s only a matter of time before that will come back to haunt you!
Image courtesy of David Castillo Dominici at FreeDigitalPhotos.net