Password collectors rejoice: 427 million MySpace password posted online

Thomas White, a security researcher who goes by the handle of TheCthulhu, has posted a database of 427 million passwords stolen from MySpace on his website.

A hacker calling himself Peace of Mind, posted the database on the dark web marketplace The Real Deal at the end of May 2016. A few days later, MySpace ordered a password reset on all its users to help protect their accounts.

White explains on the site, “The following contains the alleged data breach from Myspace dating back a few years. As always, I do not provide any guarantees with the file and I leave it down to you to use responsibly and for a productive purpose.”

The database of passwords is not in cleartext. They are hashed with the SHA1 algorithm which Bruce Schneier has denounced as a weak method of encrypting data.

TeamViewer recently got in trouble for just such a leak. The company claimed that there was no security vulnerability, and blamed the practice of users re-using passwords.

As always, the advice from BeCyberStreetWise.com, the UK government-led cyber-security scheme encourages users not to reuse passwords.