Millions of passwords from the massive password hack at Myspace have been dumped online for anyone to access.
Thomas White, a security researcher also known under the pseudonym TheCthulhu, has published the database of 427 million passwords for more than 360 million users of the social network.
The passwords were stolen by an unknown hacker in May, who sold the cache of data on the dark web, but it can now be browsed for free through White’s website. The site, which launched earlier this week, has been a slow and unresponsive at times, but once you get online, you can download the stash of passwords. Be warned that it’s a 14.2GB file and, naturally, you should also be wary of possible security threats.
“The following contains the alleged data breach from Myspace dating back a few years,” said White. “As always, I do not provide any guarantees with the file and I leave it down to you to use responsibly and for a productive purpose.”
Myspace may seem like an odd target for a hacker in 2016, with the social network’s heyday long behind it, but as we learned with the LinkedIn breach from years ago, hackers aren’t interested in the account itself but rather the password.
People are notorious for reusing passwords. If a scammer can get access to one password, they can potentially get into several other accounts, and we’ve already seen one casualty of the Myspace breach this week.
Oculus CEO Brendan Iribe found his Twitter account compromised yesterday, with the culprit sending out a fake resignation tweet. According to reports, the unidentified prankster found Iribe’s password in the Myspace dump and took a shot at using it to log into different accounts.
In the aftermath of any data breach or hack, you should be vigilant and change any relevant passwords, and also ensure that you haven’t reused any passwords.