"In my experience, it's the one kind of reply that guarantees the legal department doesn't reply," he says. ![]() When asked if he would remove the MySpace data if asked by its Time Inc.-owned parent company, Viant, White displayed a vulgar animated GIF image with a phrase that can't be printed here. White created two subdomains on his website that host torrents, or small data files that allow both breaches to be downloaded using the BitTorrent file-sharing protocol. onion websites and underground hacking forums, it may be more difficult. But for those who don't regularly browse hidden. Not Hard to Findįor those who knew where to look, the data for MySpace and LinkedIn data breaches wasn't hard to find. The data from all of the dumps quickly circulated among security researchers and breach notification services such as LeakedSource and Have I Been Pwned. SHA1 hashes, especially those for simple passwords, can be cracked depending on how much computing power is dedicated to the task. But prior to both breaches, the services were still using the SHA1 algorithm for hashing, which has long been considered insecure. It should be nearly impossible to covert a hash into an original password. A hash is a cryptographic representation of a password that has been processed through an algorithm. The MySpace and LinkedIn credentials contained user names and hashes of passwords. Other confirmed data dumps released in May included Fling and Tumblr (see 'Historical Mega Breaches' Continue: Tumblr Hacked). MySpace said user accounts created prior to June 2013 were affected, which indicated when it may have been breached. The 165 million LinkedIn accounts came from a 2012 data breach initially thought to have only affected 6.5 million accounts. It was unclear why the data was suddenly put up for sale years after the breaches occurred (see LinkedIn, MySpace Hacker 'Urgently' Needs Money). But once that happens, they will probably reset their passwords now and learn the lesson, rather than learn it in 12 months when they have five more accounts with the same password."Ĭlosely held for years, the LinkedIn and MySpace data sets bubbled to the surface in May after being posted for sale on underground forums by a suspected Russian hacker. ![]() "People will as a result probably get a few accounts compromised. In a chat over instant messaging, White acknowledged an ongoing risk to people who may still be reusing their MySpace and LinkedIn passwords on other services. He also posted download links for the 165 million LinkedIn accounts recently released. Thomas White, an independent security researcher in the U.K., has now made the 360 million credentials from the MySpace breach available on his personal website. See Also: Live Webinar | Reclaim Control over Your Secrets - The Secret Sauce to Secrets Security So it was only a matter of time before data from two of the largest data breaches of all time, the attacks on MySpace and LinkedIn, became easily accessible. And when the leaking starts, it spreads like wildfire. It doesn't take long for compromised data to be shared across the cybercriminal underground.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |