Slashdot Mirror

← Back to Stories (view on slashdot.org)

You Can Now Browse Through 427 Millon Stolen MySpace Passwords (mashable.com)

Posted by msmash on from the for-research-and-amusement dept.

Stan Schroeder, writing for Mashable:An anonymous hacker managed to obtain an enormous number of user credentials in June 2013 from fallen social networking giant MySpace -- some 427 million passwords, belonging to approx. 360 million users. In May 2016, a person started selling that database of passwords on the dark web. Now, the entire database is available online for free. Thomas White, security researcher also known by the moniker "Cthulhu," put the database up for download as a torrent file on his website, here. "The following contains the alleged data breach from Myspace dating back a few years. As always, I do not provide any guarantees with the file and I leave it down to you to use responsibly and for a productive purpose," he wrote. The file is 14.2 GB in size; downloading it might take some time. It is password-protected, but White made the password available on Twitter and his site.

11 of 64 comments (clear)

  1. Much easier than by fropenn · · Score: 3, Funny

    going through MySpace's password recovery feature. Now, maybe I will be able to update my MySpace page for the first time in ten years!

    1. Re:Much easier than by wile_e_wonka · · Score: 4, Insightful

      I think the bigger deal isn't the risk of unauthorized people accessing ancient unupdated MySpace pages. I think the bigger deal is that a lot of people are using the that same password, now disclosed online, for their email login, bank login, etc. And the MySpace leak gives everyone the ability to look up a large swath of the population's passwords. A lot of not very tech-savvy people had MySpace accounts, and I haven't looked at the file, but it seems that a less-than-honest person could match people to passwords in a lot of these cases and then have that person's passwords for a lot of different sites.

  2. Re: In unrelated news by Anonymous Coward · · Score: 2, Informative

    BeauHD is the editor who does that crap. This story was posted by manishs, so it doesn't have unrelated news. I'd be happy if Slashdot replaced BeauHD by bringing Timothy back.

  3. Re:i don't get it by Schezar · · Score: 3, Funny

    They're not stolen. The original users of those passwords still have them. ;)

    --
    GeekNights!
    Late Night Radio for Geeks!
  4. The real question is.. by Patent+Lover · · Score: 2, Insightful

    What the heck is MySpace?

    1. Re:The real question is.. by MobileTatsu-NJG · · Score: 4, Funny

      It's that site that a lot of Slashdotters went to a long time ago and painfully discovered that it requires having friends.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    2. Re:The real question is.. by Nidi62 · · Score: 4, Informative

      A website that allowed angsty middle-class teenagers to put up pages with horribly eye-sore backgrounds and embedded music players that automatically start playing music about how misunderstood they are and how horrible their lives are.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  5. chmod +x passwords.txt by Sloppy · · Score: 3, Informative

    As always, you should exercise caution while downloading any file from an unverified source on the internet; at the very least, you should run it through a virus scanner before doing anything with it.

    WTF?

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  6. Re:In unrelated news by FatdogHaiku · · Score: 2

    What? No "in unrelated news" link at the bottom of the story? What if I can't remember how to scroll down? I'll never hear about "Why Twitter Can't Even Protect Tech CEOs From Getting Hacked".

    At least it's not "One weird trick to read 427 million passwords!"...

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  7. Re:Anyone have the torrent link? by wbr1 · · Score: 2

    Got it: magnet link: magnet:?xt=urn:btih:17E6FC94DAE0A3168301012C290A53A2BD314A28&dn=Myspace.com.rar&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce&tr=udp%3a%2f%2f9.rarbg.com%3a2710%2fannounce&tr=http%3a%2f%2fannounce.torrentsmd.com%3a6969%2fannounce&tr=http%3a%2f%2fbt.careland.com.cn%3a6969%2fannounce&tr=udp%3a%2f%2fexplodie.org%3a6969%2fannounce&tr=http%3a%2f%2fmgtracker.org%3a2710%2fannounce&tr=http%3a%2f%2ftracker.tfile.me%2fannounce&tr=http%3a%2f%2ftracker.torrenty.org%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.trackerfix.com%3a80%2fannounce&tr=http%3a%2f%2fwww.mvgroup.org%3a2710%2fannounce&tr=udp%3a%2f%2f9.rarbg.com%3a2710%2fannounce&tr=udp%3a%2f%2f9.rarbg.me%3a2710%2fannounce&tr=udp%3a%2f%2f9.rarbg.to%3a2710%2fannounce&tr=udp%3a%2f%2fcoppersurfer.tk%3a6969%2fannounce&tr=udp%3a%2f%2fexodus.desync.com%3a6969%2fannounce&tr=udp%3a%2f%2fglotorrents.pw%3a6969%2fannounce&tr=%2audp%3a%2f%2fopen.demonii.com%3a1337%2fannounce&tr=udp%3a%2f%2ftracker.coppersurfer.tk%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.glotorrents.com%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.leechers-paradise.org%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce&tr=udp%3a%2f%2ftracker.publicbt.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker4.piratux.com%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.pomf.se%3a80%2fannounce&tr=udp%3a%2f%2ftracker.publicbt.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.ccc.de%3a80%2fannounce&ws=https%3a%2f%2fmyspace.thecthulhu.com%2fMyspace.com.rar

    --
    Silence is a state of mime.
  8. VUZE is now malware by goombah99 · · Score: 3, Informative

    I opened up my trusty torrent client, Vuze, to download this and it asked to install an update. I let it, and then bad craziness broke out. I visibly opened all my browsers up, opened up their preference settings, downloaded an installed extensions, and set their default pages and search engine to Yahoo.

    Vuze is now malware. beware.

    --
    Some drink at the fountain of knowledge. Others just gargle.