Myspace account holders might have forgotten about the social network now that Facebook rules the industry. Time acquired Myspace when it bought Viant earlier this year, and verified before the Memorial holiday weekend that a large set of usernames and passwords had been stolen, and were on sale on a hacker forum. The data seems to be years old and part of its user base before it launched a new platform in June 2013 with improved security.
Time has not confirmed the number of accounts that were included in the hack. However, LeakedSource.com claims that more than 360 million accounts were involved in the security breach.
Each record includes an email address and one or more passwords. When counting the multiple passwords the grand total is more than 427 million passwords for sale, according to Tech Crunch.
Sophos research states that the Myspace hack could be the largest one in history. It would be 3.6 times larger than the 2012 LinkedIn hack that included 117 million emails and passwords.
The hack would also be much bigger than other large data breaches. They include ones involving the United States voter database (191 million records), eBay (145 million), and Target (70 million).
The stolen data set is from an era when online security made it easier to crack passwords. LeakedSource reports that the top 50 passwords from the Myspace hack made up 1.5 percent of the total passwords.
The passcodes had been stored in unsalted SHA-1 hashes. This made them vulnerable to "dictionary attacks" that try basic words to crack passwords.
Time confirmed that the security breach did not affect any other systems, subscriber data, or financial information. Meanwhile, Myspace is notifying its users about the hack. It has also disabled affected accounts.
The company is also using automated tools in order to detect and block unscrupulous activity that could take place on Myspace accounts.
Myspace CFO Jeff Bairstow said in a statement the company is very serious about the privacy and security of customer data. This is especially true due to common use of malicious software in hack attacks.
In related news, TeamView users claim their PCs were hacked and PayPal accounts drained after the company's systems went offline, but the company denies it was hacked, according to The Register.
Here's a video on the 2012 LinkedIn hack: