Over 360 million Myspace credentials are being sold to the highest bidder on the dark web as Time Inc. confirmed the once-popular social network was the victim of a massive “hacking incident.”
Time Inc., which acquired the Myspace brand through its purchase of data-marketing company Viant in February, said in a statement Tuesday that its security team was informed shortly before the Memorial Day weekend that stolen Myspace-user login data was being made available in an online hacker forum.
While most of the affected accounts likely haven't been accessed for quite a long time, their owners will still be at risk if they have reused the same email/password combination for accessing other online services like email, banking and shopping.
The attack on Myspace was widely rumored among security professionals prior to Time Inc.’s confirmation, with a well-known hacker known as Peace telling Motherboard last week that he was looking for $2,800 for access to a list of 360 million email addresses and passwords, making it one of the largest leaks in history. Several other people are also offering access to the cache of data online.
It remains unclear when the breach took place, with Time Inc. simply saying the compromised data is limited to “a portion of Myspace usernames, passwords and email addresses” from prior to June 11, 2013. Myspace was the world’s biggest social network in the years from 2003 to 2008, with a valuation of $12 billion, but it was eventually eclipsed by Facebook and Twitter. It was bought by Rupert Murdoch’s News Corp. in 2005 for $580 million but did not develop into a viable business. It was subsequently sold to Viant (then known as Interactive Media Holdings) in 2011 for just $35 million.
Viant said it owned a database of 1.2 billion users, indicating that the breach is limited to about one-third of all Myspace accounts. Time Inc. said it was in the process of informing all those affected but said the breach would have no effect on the security of its own systems, subscriber information or other media properties.
“We take the security and privacy of customer data and information extremely seriously — especially in an age when malicious hackers are increasingly sophisticated and breaches across all industries have become all too common,” Jeff Bairstow, Time Inc.’s CFO, said. “Our information security and privacy teams are doing everything we can to support the Myspace team.”