Myspace, LinkedIn Hacks Could Compromise Workplace Security

Don Omar Ft Wisin & Yandel - Myspace

By Aliah D. Wright 6/2/2016

The recent sale of online user data stolen from Myspace and LinkedIn highlights the need for human resource information technology professionals to make certain that employees arent using the same passwords for work and social media.

Time Inc., which owns Myspace, confirmed May 31 that the social networking site was hacked and that passwords, e-mail addresses and user names are now for sale online.

More than half a billion passwords have been stolen from Myspace, and 165 million LinkedIn accounts were compromised in May. Experts say the Myspace data was apparently stolen and sold by the same individual who hacked LinkedIn.

While many people may feel Myspace isnt as popular as Facebook, Twitter, etc., the bigger problem is password reuse, said Dodi Glenn, vice president of cyber security at PC Pitstop, a security software company based in Sioux City, Iowa.

With username and password reuse, an individual may use the same e-mail address or username and password on site A that they would use on sites B and C, he said. When site A gets compromised, the hacker uses an underground tool to check other various sites to see if this account login and password combination exists elsewhere.

Company leaders have to make sure employees know not to use the same passwords at work that they use to access other systems, experts say.

According to a survey by password management app Password Boss, 59 percent of consumers use the same passwords to access multiple accounts because its too hard to remember a different password for each account. The average professional memorizes 19 passwords between personal and work accounts, according to another study.

As SHRM Online reported last year, 54 percent of those surveyed by Software Advice said that their employers require them to use complex passwords; 51 percent are required to change their passwords regularly; 41 percent said they are locked out of their computer after too many failed attempts at entry; 39 percent are forbidden from reusing passwords; and just 29 percent are prohibited from using the default passwords that come with a system.

Said Lesley Fair, a senior attorney at the Federal Trade Commission, which enforces corporate data security, If you have personal information stored on your network, [then] strong authentication procedures, including sensible password hygiene, can help ensure that only authorized individuals can access the data.

Added Glenn: The use of weak passwords and unencrypted database passwords still presents a serious security problem to individuals and companies alike, and its one of the top causes of data breaches.

Details of the Myspace Hack

Shortly before the Memorial Day weekend, the Myspace technical security team became aware that stolen Myspace user login data was being made available in an online hacker forum, according to a news release from Time Inc. The compromised data is limited to a portion of Myspace usernames, passwords and e-mail addresses from the old Myspace platform prior to June 11, 2013when the site was relaunched with significant steps to strengthen account security.

The hacked Myspace information is currently for sale at the price of six bitcoin (worth about $2,800), online news site Vice reported.

Link to the LinkedIn Hack

According to PC Pitstop, the hacker responsible for the Myspace breach is the same one who sold the data of more than 165 million LinkedIn users in early May. Known as Peace, this hacker now claims to have more than 400 million e-mail addresses and passwords of Myspace usersmaking it possibly the largest leaked password breach ever, PC Pitstop stated in a news release.

Before Time confirmed the Myspace hack, the breach was initially announced in a blog post by the new search engine for leaked data, LeakedSource, on May 27. LeakedSource scours the Internet for data and accumulates hundreds of databases, allowing users the ability to search and find whether their data is available online or not, according to its website.

The Myspace breach does not affect any of Time Inc.s systems, subscriber information or other media properties and does not appear to include financial data of any kind, Time stated in its news release.

Myspace says it is notifying all affected users and working proactively with law enforcement authorities to resolve this issue. Myspace has also invalidated the passwords of all known affected users and is monitoring for suspicious activity that might occur on Myspace accounts.

HR Implications

Because LinkedIn, the largest resume database in the world, is used by tens of thousands of recruiters worldwide, this breach should be especially concerning to HR professionals. When that hack was revealed, LinkedIn reportedly invalidated the compromised account passwords and alerted its 400 million users about the importance of choosing strong passwords.

On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk, LinkedIn stated in a news release.

Aliah D. Wright is an online editor/manager for SHRM.

Source: http://news.google.com/news/url?sa=t&fd=R&ct2=us&usg=AFQjCNHU2DeK1kJiVnjNkQBFosbdo2x7Aw&clid=c3a7d30bb8a4878e06b80cf16b898331&cid=52779125187876&ei=VYJQV6CGMsnWpwf7tLP4Cg&url=https://www.shrm.org/hrdisciplines/technology/articles/pages/myspace-linkedin-hacks-could-compromise-workplace-security-.aspx

Continue Reading ..

Hack Brief: Your Old Myspace Account Just Came Back to Haunt You

Greatest Moments in Hacking History: Samy Kamkar Takes Down Myspace

You may have left Myspace and its indie bands behind years ago, but Myspace hasnt forgotten you. Or rather, it hasnt forgotten your password, which is unfortunate, because it just revealed that a hacker stole username and password infomation from what could be more than 360 million accounts.

The Hack

Late last week, Myspace discovered that user login data (those usernames and passwords, and, in some cases, secondary passwords as well) were up for sale in an online hacker forum. Myspace says it believes the hacker responsible goes by the name of Peace, and that hes also responsible for therecent hacks of Tumblr and LinkedIn.

Importantly, according to the hack-tracking site LeakedSource, the intrusion itself took place in June of 2013, before MySpace transitioned from failed social network to failed music marketing platform. That means that even if you havent used MySpace in years, you still could be vulnerable.

Whos Affected

More people than you might think!

Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk, writes Myspace in a blog announcing the hack. It may be hard to remember now, but Myspace was once hugely popular, as evidenced by LeakedSources findings that 360,213,024 user records are in the data set111,341,258 of which have an associated username.

As for current users, Myspace says it has increased its security significantly since 2013, specifically by using double salted hashes, which makes it much harder to crack passwords even if theyve been breached. If you joined Myspace after its 2013 relaunch, you should be clear, and also whats it like over there? Let us know in the comments.

How Serious Is This?

Its pretty serious. Its unlikely that anyone will break into your zombie Myspace page; the company has invalidated user passwords for all affected accounts, and didnt store credit card or other financial info anyway. The bigger worry, though, is that MySpace didnt protect passwords with much rigor prior to 2013, meaning that if you use the same username and password combo on any other sites today as you did for social networking in 2007, youre at risk.

Its also concerning just for the sheer volume of the hack; if LeakedSource is correct, this would be one of the largest breaches ever. That it comprises mostly old Myspace accounts also presents another problem: Who remembers the password they were using several years ago on a long-ignored platform? Its hard to change a compromised password if you dont even know what it is, which means that to feel truly safe, you should probably change any password youve been using for a long time across multiple services. Also, stop using the same password across multiple services. Seriously, stop.

Go Back to Top. Skip To: Start of Article.

Source: http://news.google.com/news/url?sa=t&fd=R&ct2=us&usg=AFQjCNEag5LJ3yNpu9e5CmE_r-Tfg6kf7Q&clid=c3a7d30bb8a4878e06b80cf16b898331&cid=52779120535974&ei=BWlQV4ijK4OO3AHk9aj4Ag&url=https://www.wired.com/2016/05/hack-brief-old-myspace-account-just-came-back-haunt/

Continue Reading ..

Myspace hack: Why you should delete your old, unused account right now

Greatest Moments in Hacking History: Samy Kamkar Takes Down Myspace

Despite falling out of vogue years ago, MySpace -- that old precursor to Facebook -- still has details on more user accounts than the United States has people. And now a hefty chunk of those account credentials has been leaked to the entire Internet, in a humbling reminder that the Matchbox Twenty-inspired username you probably made in high school is still worth a heck of a lot to companies and criminals.

As many as 360 million MySpace accounts turned up for sale Friday in a 33-gigabyte dump online, according to reports that were confirmed Monday by MySpace"s parent, Time Inc.

The massive leak includes passwords, email addresses and usernames that were swiped from MySpace in a hack dating to June 2013, before MySpace made a site redesign that closed some security gaps.

In a blog post Tuesday, MySpace said it has disabled the affected passwords so that nobody can use the leaked credentials to gain unauthorized access to accounts.

Huge cyber attack hits US government workers

It"s unclear how many of the accounts in the MySpace hack were still "active," in the sense that they belong to people who continue to log into the service today. But chances are at least some of these accounts hadn"t been touched for years. The reason this makes you vulnerable is the same reason experts say you shouldn"t use the same username and password for every online service -- it makes it easy to take one set of stolen credentials and plug them into others, giving hackers potential access to large swaths of your digital life.

In that light, it seems there"s a strong case for deleting your old, unused accounts -- or at least creating a throwaway email address to associate with the services you don"t use so that they"re insulated from the email addresses you use for more important things. Not only does it potentially cut down on the number of credentials you have to remember (although hopefully you"re solving that by using a password manager, right?), but it helps limit your exposure to hackers. By changing the credentials on your old accounts and disassociating them from online services that you use in the present-day, you can help make sure none of your other Internet identities are put at risk.

Personal data from the MySpace breach was going for sale to the tune of thousands of dollars, highlighting how even outdated information can carry significant value. But whether your old data gets used for marketing, fraud or some other nefarious purpose is still at least partly within your control.

MySpace was once one of the most popular social networks on the planet, reaching about 100 million unique users each month in 2006. News Corp purchased the site for $580 million, outbidding Viacom in the process. In 2011, MySpace was sold at a huge loss of $35 million, as Facebook began to dominate the social network business.

In February of this year, Time purchased MySpace and its parent company, Viant Technology. But the deal announcement focused almost entirely on the value of Viant"s advertising and tracking technology. MySpace was mentioned only in passing at the bottom of the news release.

Copyright: Washington Post

Source: http://www.independent.co.uk/life-style/gadgets-and-tech/myspace-hack-why-you-should-delete-your-old-account-right-now-a7059331.html

Continue Reading ..