MySpace Hacked, suffers ‘mega breach’
This morning many of you will have woken up to the news that Myspace has been compromised and some of you, like myself will have received an e-mail (titled “Critical Information About Your Myspace Account”) regarding this. It would seem these older social media platforms seem to have had a number of logins stolen several years ago but the information is only just coming to light now.
The email starts:
“Notice of Data Breach
You may have heard reports recently about a security incident involving Myspace. We would like to make sure you have the facts about what happened, what information was involved and the steps we are taking to protect your information.”
It then goes on to say how this only affects accounts created prior to June 11, 2013. They also recommend an immediate password change. (The link is here for those who haven’t already done so https://myspace.com/forgotpassword). They have of course invalidated all accounts that they believe may have been hacked.
How did Myspace find out they were hacked?
These logins were discovered as they are being traded online in some of the darker places of the internet. Along with a number of LinkedIn, Fling, Tumblr ID’s all stolen a number of years ago.
These passwords were then checked by news site motherboard who purchased a number of logins and tested them. Confirming in those cases at least that real passwords were supplied.
So, Myspace was hacked…I don’t use it anymore
If like me you haven’t logged into Myspace in a good many years you may not care or think it matters. However I would at least urge you to think about the passwords you used on these old platforms. These are now in the open so if you have reused these anywhere…Change them. Immediately! Also consider the potential identity theft implications. If you still actively use these sites a person or persons could obviously have masqueraded as you in the past or could do the same now. There is also an amount of fingerprinting they could have carried out on you. What music you like, the people you socialise with, photos that could have been stolen and reused elsewhere. This is all GREAT stuff for a hacker or somebody who may want to use your identity in a social engineering attack later down the line. A simple social engineering hack could be something as simple as creating an email with your name and emailing some of these contacts at work so they assume it is you. This is exactly the way our white hat hackers would create trust to get information on a social engineering campaign.