I was right about the data: it is indeed old

You may have heard reports recently about a security incident involving Myspace. We would like to make sure you have the facts about what happened, what information was involved and the steps we are taking to protect your information. WHAT HAPPENED? Shortly before the Memorial Day weekend, we became aware that stolen Myspace user login data was being made available in an online hacker forum. The data stolen included user login data from a portion of accounts that were created prior to June 11, 2013 on the old Myspace platform. Source:   But there is more: WHAT INFORMATION WAS INVOLVED? Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk. As you know, Myspace does not collect, use or store any credit card information or user financial information of any kind. No user financial information was therefore involved in this incident; the only information exposed was users’ email address and Myspace username and password.   Troy Hunt writes also his own analysis and not surprisingly, he thinks that the data is actually around 8 years old . Additionally, he thinks that an insider…

Quoted in on the leak

Ionut Arghire of SecurityWeek wrote a very good article about the potential breach of 427 Million MySpace Passwords Appear For Sale and I was quoted a lot! Thanks, Ionut! I wrote more extensively about what I think of this leak: was apparently hacked, 360Mil accounts on sale and nobody knows any details There are many things that aren’t right with this breach. Read the article above… Another question, after reading the above article: how come that Troy Hunt didn’t get it? Maybe because it is only available for money? The data hasn’t been tested at all and according to Troy’s article it is not valid data: no sql dump Too many and email addresses   1 126,053,325 2 79,747,231 According to Troy, Gmail should be the top email provider these days (and also 3 years ago) Partial username, partial email address, partial password -> can it get worse than this? was apparently hacked, 360Mil accounts on sale and nobody knows any details

“Myspace was hacked” writes LeakedSource on their dedicated page for They do not add any kind of details about this hack except that they received a copy of the data from an email address (not from the hacker). As a matter of fact, there is nowhere on the web any kind of details, not to even say proof, that this has indeed happened. This includes Myspace’s site as well. Leakedsource appears to be the only entity that knows something about these over 427 Mil passwords (for 360 Mil users). But then, Leakedsource only retweets on their wall what two other websites have written about them. There is not a single commend written by them about this hack. One of the articles even writes more details about some steps that Leakedsource took to check the validity of the data. If this is so, why is this not written in their blog? If this is true, then I can’t imagine how come they miss the opportunity to write about the possibly biggest leak of accounts (email + password) of all times?   There is something wrong here. What is actually going on? On one side, what I see there is a…

%d bloggers like this: