MySpace Data Breach Exposes Passwords for 427 Million Users

LeakedSource, a company that maintains a searchable database of credentials leaked in data breaches, has revealed today it added over 427 million user records to its immense database, after earlier this week it also added 167 million LinkedIn accounts.

MySpace has not released any statement on this incident yet. If confirmed, the MySpace data breach will be one of the biggest data breaches to date.

LeakedSource cracked most passwords

In total, data for around 360,213,024 users was included, containing details such as usernames, email addresses, and passwords.

Just like in LinkedIn's case, the data was not uniform. LeakedSource analysts say they found 427,484,128 user passwords, but not all were attached to accounts, some accounts had a secondary password, some had a secondary password and no primary password, and some database entries contained just the password.

The company says passwords were encrypted with SHA1, but they were not salted. Because of this, LeakedSource analysts were able to crack most of them.

Users can request LeakedSource to remove their data

The company says it received the data from an anonymous user via Jabber. There is also a listing on the Dark Web that claims to sell the MySpace database as well.

LeakedSource says that users that are uncomfortable about the idea of having their data listed in its database can request its removal by sending its staff an email. Nevertheless, since the data is also up for sale, the people interested in getting their hands on the data can easily obtain it if they ever want to get ahold of your MySpace password. The best solution at this time would be to use unique, strong passwords for all your online accounts.

Below are tables with the top MySpace passwords and the top email domains. Just take note that the first entry, "homelesspa," was automatically generated for a number of accounts that had the same email format, possibly bots or fake users.