Login details for more than 400 million accounts on MySpace and Tumblr, believed to have been stolen in a hack a few years ago, have been put up for sale online.
Before MySpace was redesigned in June 2013, it was the victim of a major data hack, with 360 million email addresses and passwords for the social networking site now being listed on the dark web.
The sellers are reportedly using an online hacking forum, and are demanding Bitcoin payments equivalent to more than £2,000.
Many MySpace accounts have been dormant for some time, but it still puts a great number of users at risk. This is because it is very common for people to use the same password for a range of different websites, meaning that it may be easier for cyber criminals to hack their other accounts.
It has been reported that the technique used to modify the form in which users’ passwords were stored by MySpace was rather weak, and consequently most passwords have now been cracked.
This comes after a significant amount of LinkedIn login details were put up for sale, also several years after the actual data hack occurred, as well as millions of details for a dating website called Fling being offered at the beginning of May.
Troy Hunt, a security researcher, said: “There’s been some catalyst that has brought these breaches to light and to see them all fit this mould and appear in such a short period of time, I can’t help but wonder if they’re perhaps related.
“Even if these events don’t all correlate to the same source and we’re merely looking at coincidental timing of releases, how many more are there in the ‘mega’ category that are simply sitting there in the clutched of various unknown parties?”
It is strongly recommended to use a different password for each website you have an account with, and the password should be a combination of numbers and letters, to increase the difficulty of it being hacked.