In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
The same person who last week was selling data on more than 164 million LinkedIn users (cleaved from a 2012 breach), now claims to have 360 million emails and passwords of MySpace users.
Known as Peace, the hacker says it’s from a past, unreported, breach. This data was bound to leak eventually, according to LeakedSource, a hacked data search engine that also claims to have the credentials.
“It’s the nature of information. ‘Three can keep a secret, if two of them are dead,’” the operator of LeakedSource told Motherboard. “Once data gets traded a few times, eventually it will make its way to somebody who is not trustworthy to keep it a secret, and then it will spread like branches of a tree.”
LeakedSource wrote the data was provided by someone who goes by the alias Tessa88. But in an interview with Motherboard, the operator said they were unaware of the real origins of the data breach, such as who originally breached MySpace, nor who has had the data “this whole time” or when the company was hacked.
“Either the company never found out, or didn’t disclose it, neither publicly nor to its users,”Motherboard reports. “If all the data indeed comes from MySpace, this would be the largest breach of emails and passwords ever.”
The database contains 427,484,128 passwords, but there are only 360,213,024 million emails.
Each record in the…