In what has been the biggest hack in history so far, Time Inc. has confirmed that Myspace has been hacked. While Time Inc. has not yet stated how many accounts were involved, the number according to Leaked Source is reportedly over 360 million accounts, and over 427 million passwords which are now available for sale online.
This is a list of some of the most frequently used Myspace passwords that Leaked Source provided in its blog post:
Myspace released a statement on their blog addressing the hack. According to Myspace only a portion of the accounts made prior to 2013 were affected by the hack. The Myspace team believes that the data breach was executed by Russian Cyber Hacker “Peace”, who has also taken responsibility for the hack against Linkedin and Tumblr.
What now?
Myspace has been taking steps to identify and block suspicious user activity via automated tools. In attempt to protect its users, all account passwords prior to June 2013 have been reset and users will need to reset their password through myspace.com/forgotpassword . Myspace recommends that Myspace users that may have been affected and use similar passwords, immediately change their other passwords.
Trust and Security
From the way things look, it appears as if this issue has led to two major SaaS security concerns many users have.
1. Database theft: In this case 427 million passwords were compromised and are now being sold to the highest bidder.
2. Company trust: One of the biggest concerns SaaS companies need to deal with are ensuring customers can trust their brand. Myspace has seemingly violated this important principle.
My question for Myspace is: How can Myspace users continue to use a website in which a major breach occurred, what can the company do to reassure users that their information will be safe? I will update with a reply.