Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Security

You Can Now Browse Through 427 Millon Stolen MySpace Passwords (mashable.com) 64

Stan Schroeder, writing for Mashable:An anonymous hacker managed to obtain an enormous number of user credentials in June 2013 from fallen social networking giant MySpace -- some 427 million passwords, belonging to approx. 360 million users. In May 2016, a person started selling that database of passwords on the dark web. Now, the entire database is available online for free. Thomas White, security researcher also known by the moniker "Cthulhu," put the database up for download as a torrent file on his website, here. "The following contains the alleged data breach from Myspace dating back a few years. As always, I do not provide any guarantees with the file and I leave it down to you to use responsibly and for a productive purpose," he wrote. The file is 14.2 GB in size; downloading it might take some time. It is password-protected, but White made the password available on Twitter and his site.
This discussion has been archived. No new comments can be posted.

You Can Now Browse Through 427 Millon Stolen MySpace Passwords

Comments Filter:
  • by Anonymous Coward

    More like a criminal. Why are you people okay with this behavior?

    • Re: (Score:2, Funny)

      by bmk67 ( 971394 )

      Who precisely is "you people"?

    • VUZE is now malware (Score:4, Informative)

      by goombah99 ( 560566 ) on Friday July 01, 2016 @01:50PM (#52428059)

      I opened up my trusty torrent client, Vuze, to download this and it asked to install an update. I let it, and then bad craziness broke out. I visibly opened all my browsers up, opened up their preference settings, downloaded an installed extensions, and set their default pages and search engine to Yahoo.

      Vuze is now malware. beware.

      • by Anonymous Coward

        If you go to the Vuze support forum theres multiple posts yelling about vuze as mal ware. In the fearliest one the moderator denies this. Then in the others the moderator has posted how to change your settings back to another search engine. They fail to mention the extensions (like quickview) that Vuze installs in all of your browsers.

        the company can no longer be trusted.

      • Same thing happened to me. It appears Vuze installs the Spigot adware infection into your computer.
        For Chrome there's some hope of disinfecting your computer. Don't know how to fix safari or Firefox.

        navigate to /Users/YOUR_COMPUTER_USERNAME/Library/Application Support/Google/Chrome

        YOUR_COMPUTER_USERNAME must of course be replaced with your computer username

        grep -rnw '.' -e 'spigot' and grep -rnw '.' -e 'api.mybrowserbar'

        get in there and remove that shit.

        In the most annoying case, their genius software made

  • by fropenn ( 1116699 ) on Friday July 01, 2016 @10:51AM (#52426627)
    going through MySpace's password recovery feature. Now, maybe I will be able to update my MySpace page for the first time in ten years!
    • by wile_e_wonka ( 934864 ) on Friday July 01, 2016 @12:15PM (#52427213)

      I think the bigger deal isn't the risk of unauthorized people accessing ancient unupdated MySpace pages. I think the bigger deal is that a lot of people are using the that same password, now disclosed online, for their email login, bank login, etc. And the MySpace leak gives everyone the ability to look up a large swath of the population's passwords. A lot of not very tech-savvy people had MySpace accounts, and I haven't looked at the file, but it seems that a less-than-honest person could match people to passwords in a lot of these cases and then have that person's passwords for a lot of different sites.

    • This. I no longer have access to my AOL email address, so this list is the only way to get my MySpace password X-D
  • I forgot my password anyway
  • by Patent Lover ( 779809 ) on Friday July 01, 2016 @11:12AM (#52426769)
    What the heck is MySpace?
  • by Sloppy ( 14984 ) on Friday July 01, 2016 @11:20AM (#52426823) Homepage Journal

    As always, you should exercise caution while downloading any file from an unverified source on the internet; at the very least, you should run it through a virus scanner before doing anything with it.

    WTF?

    • by Anonymous Coward

      In fairness, trying to open a 13 GB text document might well cause some kind of previously unknown buffer overflow in Notepad. Which probably runs in kernel mode to do some font rendering, given Microsoft's past form.

    • It's crazy, but true. Windows users have to live in constant paranoia of their machine executing any random download, usb stick, cd's, emails, etc.
  • Wow, it's been so long since I've seen a site get slashdotted that I almost forgot about the term!

  • The site:
    https://haveibeenpwned.com/ [haveibeenpwned.com]

    tells me that my MySpace account has been pawned, but I don't remember creating a MySpace account.

  • The site is slashdotted. Would like to snag this.
    • by wbr1 ( 2538558 )
      Got it: magnet link: magnet:?xt=urn:btih:17E6FC94DAE0A3168301012C290A53A2BD314A28&dn=Myspace.com.rar&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce&tr=udp%3a%2f%2f9.rarbg.com%3a2710%2fannounce&tr=http%3a%2f%2fannounce.torrentsmd.com%3a6969%2fannounce&tr=http%3a%2f%2fbt.careland.com.cn%3a6969%2fannounce&tr=udp%3a%2f%2fexplodie.org%3a6969%2fannounce&tr=http%3a%2f%2fmgtracker.org%3a2710%2fannounce&tr=http%3a
    • by wbr1 ( 2538558 )
      Better way: http://webcache.googleusercont... [googleusercontent.com]
  • So far as I can tell, this dump contains only the SHA-1 hashes of passwords and no one has figured out how to invert SHA-1.

    The SHA-1 hashes of common, already-known passwords are available, so it's possible to invert hashes for these passwords. But, claiming that you can recover any of the passwords is wholly different from being able to confirm that a few well-known passwords were used by a segment of the population. Case in point: Of the ~420 million passwords in the leak, only about 7 million are in the

"In matters of principle, stand like a rock; in matters of taste, swim with the current." -- Thomas Jefferson

Working...