Time Inc. only got the keys to Myspace.com a few months ago, but it’s already having to confirm some bad news:
the social network has been the target of a hack. In a press release, the company says that just before the Memorial Day weekend (or Spring Bank Holiday in the UK), its technical teams were notified of someone trying to sell Myspace usernames, passwords and email addresses that were registered before June 2013.
Time Inc. doesn’t say how many accounts are affected, but a blog post on LeakedSource — a site that lets users check whether their email or social media accounts have been compromised — suggests that 360 million records may have been stolen in the breach.
Myspace is already in the process of alerting those affected and is working with the authorities to identify who may be responsible. Given that the person (or people) involved shared an alias with LeakedSource, investigators will have at least something to go on.
“As part of the major site re-launch in the summer of 2013, Myspace took significant steps to strengthen account security. The compromised data is related to the period before those measures were implemented,” says Myspace in a blog post. “We are currently utilizing advanced protocols including double salted hashes (random data that is used as an additional input to a one-way function that “hashes” a password or passphrase) to store passwords.”
Even though you may no longer use Myspace, the leaked database may include details from when you did (and know all about your terrible taste in music). Myspace has already invalidated every one of the passwords, but it might be worth updating your other accounts if you tend to recycle your credentials between websites.