Preface
MySpace.com was hacked on June 11th, 2013. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This database was provided to us by a user who goes by the alias “Tessa88@exploit.im”, and has given us permission to name them in this blog. MySpace has not returned our request for comment on this matter, nor have they replied to a similar request from a reporter.
LeakedSource is a search-engine capable of searching over 1.6 billion leaked records — an aggregation of data from hundreds of disparate sources. We have been able to accumulate this data over a relatively short period of time through a combination of deep-web scavenging and rumor-chasing. Occasionally these efforts lead to major discoveries (e.g. MySpace, LinkedIn), but we really aren’t too picky. If we come across a leaked database from a company that most people haven’t heard of, we will incorporate it into our master database just the same.
You may search for yourself in the leaked MySpace.com database by visiting our homepage. If your personal information appears in our copy of the MySpace database, or in any other leaked database that we possess, you may contact us and request to have it removed free of charge.
Since embarking on this ambitious project just a handful of months ago, we have processed an unbelievable amount of data. Much more than we expected, more than most large companies will ever house — and we’re just getting started. LeakedSource may soon become synonymous with Big Data, so don’t miss out!
Anyone may use the information on this page for free in any capacity provided LeakedSource is given credit and a link back.
LeakedSource does not engage in, encourage or condone unlawful entry (“hacking”) into private systems.
Summary
This data set contains 360,213,024 records. Each record may contain an email address, a username, one password and in some cases a second password. Of the 360 million, 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password (some did not have a primary password, total is below).
API
After the last breach we received many requests for API access, and we are launching a business API with a consumer one to follow in the near future. You can read about the API features at our API page
Passwords
Passwords were stored in SHA1 with no salting. “Salting” makes decrypting passwords exponentially harder when dealing with large numbers of passwords such as these. The methods MySpace used for storing passwords are not what internet standards propose and is very weak encryption or some would say it’s not encryption at all but it gets worse. We noticed that very few passwords were over 10 characters in length (in the thousands) and nearly none contained an upper case character which makes it much easier for people to decrypt.
Due to some accounts having two passwords, there are 427,484,128 total passwords for only 360 million users. Additionally, the accounts with password “homelesspa” seem to be automatically generated as all the emails that use this password follow the same format. We also suspect given the number of passwords with a 1 at the end, MySpace required numbers and letters at some point.
Until MySpace responds to our attempts to contact them, we are going to display only the first few characters of plaintext passwords if available so users can verify which password of theirs was leaked.
The following table shows the top passwords used by MySpace users.
Rank | Password | Frequency |
1 | homelesspa | 855,478 |
2 | password1 | 585,503 |
3 | abc123 | 569,825 |
4 | 123456 | 487,945 |
5 | myspace1 | 276,915 |
6 | 123456a | 244,641 |
7 | 123456789 | 191,016 |
8 | a123456 | 165,132 |
9 | 123abc | 159,700 |
10 | (POSSIBLY INVALID) | 158,462 |
11 | qwerty1 | 141,110 |
12 | passer2009 | 130,740 |
13 | fuckyou1 | 125,302 |
14 | iloveyou1 | 123,668 |
15 | princess1 | 114,107 |
16 | 12345a | 111,818 |
17 | monkey1 | 106,424 |
18 | football1 | 101,149 |
19 | babygirl1 | 90,685 |
20 | love123 | 88,756 |
21 | a12345 | 85,874 |
22 | iloveyou | 85,001 |
23 | jordan23 | 81,028 |
24 | hello1 | 80,218 |
25 | jesus1 | 78,075 |
26 | bitch1 | 78,015 |
27 | password | 77,913 |
28 | iloveyou2 | 76,970 |
29 | michael1 | 75,878 |
30 | soccer1 | 74,926 |
31 | blink182 | 73,145 |
32 | 29rsavoy | 71,551 |
33 | 123qwe | 70,476 |
34 | angel1 | 70,271 |
35 | myspace | 69,019 |
36 | fuckyou2 | 68,995 |
37 | jessica1 | 67,644 |
38 | number1 | 65,976 |
39 | baseball1 | 65,400 |
40 | asshole1 | 63,078 |
41 | 1234567890 | 62,855 |
42 | ashley1 | 62,611 |
43 | anthony1 | 62,295 |
44 | money1 | 61,639 |
45 | asdasd5 | 60,810 |
46 | 123456789a | 60,441 |
47 | superman1 | 59,565 |
48 | sunshine1 | 57,522 |
49 | nicole1 | 56,039 |
50 | password2 | 55,754 |
51 | charlie1 | 54,432 |
52 | shadow1 | 54,398 |
53 | jordan1 | 54,004 |
54 | 1234567 | 51,131 |
55 | 50cent | 50,719 |
Emails
Simple table of top email domains
Rank | Email Domain | Frequency |
1 | @yahoo.com | 126,053,325 |
2 | @hotmail.com | 79,747,231 |
3 | @gmail.com | 25,190,557 |
4 | @aol.com | 24,115,704 |
5 | @aim.com | 5,345,585 |
6 | @live.com | 4,728,497 |
7 | @hotmail.co.uk | 4,701,850 |
8 | @msn.com | 4,378,167 |
9 | @myspace.com | 4,257,451 |
10 | @comcast.net | 3,275,651 |
11 | @ymail.com | 2,866,796 |
12 | @sbcglobal.net | 2,793,292 |
13 | @hotmail.fr | 2,335,422 |
14 | @web.de | 1,486,602 |
15 | @rocketmail.com | 1,420,819 |
16 | @yahoo.co.uk | 1,384,943 |
17 | @verizon.net | 1,255,478 |
18 | @cox.net | 1,082,304 |
19 | @mail.ru | 1,040,442 |
20 | @hotmail.it | 1,018,406 |
21 | @bellsouth.net | 961,018 |
22 | @gmx.de | 959,852 |
23 | @hotmail.de | 852,256 |
24 | @NONE | 790,159 |
25 | @yahoo.fr | 741,962 |
26 | @att.net | 685,951 |
27 | @earthlink.net | 652,769 |
28 | @hotmail.es | 612,748 |
29 | @yahoo.co.id | 604,816 |
30 | @yahoo.com.my | 601,114 |
31 | @yahoo.com.br | 551,956 |
32 | @charter.net | 548,031 |
33 | @yahoo.de | 543,823 |
34 | @live.fr | 518,523 |
35 | @netscape.net | 510,577 |
36 | @live.co.uk | 502,121 |
37 | @libero.it | 490,151 |
38 | @googlemail.com | 430,112 |
39 | @wp.pl | 401,928 |
40 | @live.com.mx | 397,944 |
41 | @yahoo.es | 389,453 |
42 | @yahoo.co.jp | 351,781 |
43 | @btinternet.com | 349,642 |
44 | @mail.com | 343,346 |
45 | @excite.com | 335,215 |
46 | @yahoo.com.mx | 330,927 |
47 | @qamail.msprod.msp | 328,267 |
48 | @peoplepc.com | 325,192 |
49 | @music.msprod.msp | 324,173 |
50 | @yahoo.ca | 320,579 |
51 | @tmail.com | 314,187 |
52 | @gmx.net | 310,143 |
53 | @netzero.com | 308,410 |
54 | @yahoo.it | 307,122 |
55 | @optonline.net | 306,284 |