MySpace.com was hacked on June 11th, 2013
Preface MySpace.com was hacked on June 11th, 2013. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This database was provided […]

HEROIC Cybersecurity

May 27, 2016

Preface

MySpace.com was hacked on June 11th, 2013. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This database was provided to us by a user who goes by the alias “Tessa88@exploit.im”, and has given us permission to name them in this blog. MySpace has not returned our request for comment on this matter, nor have they replied to a similar request from a reporter.

LeakedSource is a search-engine capable of searching over 1.6 billion leaked records — an aggregation of data from hundreds of disparate sources. We have been able to accumulate this data over a relatively short period of time through a combination of deep-web scavenging and rumor-chasing. Occasionally these efforts lead to major discoveries (e.g. MySpace, LinkedIn), but we really aren’t too picky. If we come across a leaked database from a company that most people haven’t heard of, we will incorporate it into our master database just the same.

You may search for yourself in the leaked MySpace.com database by visiting our homepage. If your personal information appears in our copy of the MySpace database, or in any other leaked database that we possess, you may contact us and request to have it removed free of charge.

Since embarking on this ambitious project just a handful of months ago, we have processed an unbelievable amount of data. Much more than we expected, more than most large companies will ever house — and we’re just getting started. LeakedSource may soon become synonymous with Big Data, so don’t miss out!

Anyone may use the information on this page for free in any capacity provided LeakedSource is given credit and a link back.

LeakedSource does not engage in, encourage or condone unlawful entry (“hacking”) into private systems.

Table of Contents

Summary

This data set contains 360,213,024 records. Each record may contain an email address, a username, one password and in some cases a second password. Of the 360 million, 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password (some did not have a primary password, total is below).

API

After the last breach we received many requests for API access, and we are launching a business API with a consumer one to follow in the near future. You can read about the API features at our API page

Passwords

Passwords were stored in SHA1 with no salting. “Salting” makes decrypting passwords exponentially harder when dealing with large numbers of passwords such as these. The methods MySpace used for storing passwords are not what internet standards propose and is very weak encryption or some would say it’s not encryption at all but it gets worse. We noticed that very few passwords were over 10 characters in length (in the thousands) and nearly none contained an upper case character which makes it much easier for people to decrypt.

Due to some accounts having two passwords, there are 427,484,128 total passwords for only 360 million users. Additionally, the accounts with password “homelesspa” seem to be automatically generated as all the emails that use this password follow the same format. We also suspect given the number of passwords with a 1 at the end, MySpace required numbers and letters at some point.

Until MySpace responds to our attempts to contact them, we are going to display only the first few characters of plaintext passwords if available so users can verify which password of theirs was leaked.

The following table shows the top passwords used by MySpace users.

Rank Password Frequency
1 homelesspa 855,478
2 password1 585,503
3 abc123 569,825
4 123456 487,945
5 myspace1 276,915
6 123456a 244,641
7 123456789 191,016
8 a123456 165,132
9 123abc 159,700
10 (POSSIBLY INVALID) 158,462
11 qwerty1 141,110
12 passer2009 130,740
13 fuckyou1 125,302
14 iloveyou1 123,668
15 princess1 114,107
16 12345a 111,818
17 monkey1 106,424
18 football1 101,149
19 babygirl1 90,685
20 love123 88,756
21 a12345 85,874
22 iloveyou 85,001
23 jordan23 81,028
24 hello1 80,218
25 jesus1 78,075
26 bitch1 78,015
27 password 77,913
28 iloveyou2 76,970
29 michael1 75,878
30 soccer1 74,926
31 blink182 73,145
32 29rsavoy 71,551
33 123qwe 70,476
34 angel1 70,271
35 myspace 69,019
36 fuckyou2 68,995
37 jessica1 67,644
38 number1 65,976
39 baseball1 65,400
40 asshole1 63,078
41 1234567890 62,855
42 ashley1 62,611
43 anthony1 62,295
44 money1 61,639
45 asdasd5 60,810
46 123456789a 60,441
47 superman1 59,565
48 sunshine1 57,522
49 nicole1 56,039
50 password2 55,754
51 charlie1 54,432
52 shadow1 54,398
53 jordan1 54,004
54 1234567 51,131
55 50cent 50,719

Emails

Simple table of top email domains

Rank Email Domain Frequency
1 @yahoo.com 126,053,325
2 @hotmail.com 79,747,231
3 @gmail.com 25,190,557
4 @aol.com 24,115,704
5 @aim.com 5,345,585
6 @live.com 4,728,497
7 @hotmail.co.uk 4,701,850
8 @msn.com 4,378,167
9 @myspace.com 4,257,451
10 @comcast.net 3,275,651
11 @ymail.com 2,866,796
12 @sbcglobal.net 2,793,292
13 @hotmail.fr 2,335,422
14 @web.de 1,486,602
15 @rocketmail.com 1,420,819
16 @yahoo.co.uk 1,384,943
17 @verizon.net 1,255,478
18 @cox.net 1,082,304
19 @mail.ru 1,040,442
20 @hotmail.it 1,018,406
21 @bellsouth.net 961,018
22 @gmx.de 959,852
23 @hotmail.de 852,256
24 @NONE 790,159
25 @yahoo.fr 741,962
26 @att.net 685,951
27 @earthlink.net 652,769
28 @hotmail.es 612,748
29 @yahoo.co.id 604,816
30 @yahoo.com.my 601,114
31 @yahoo.com.br 551,956
32 @charter.net 548,031
33 @yahoo.de 543,823
34 @live.fr 518,523
35 @netscape.net 510,577
36 @live.co.uk 502,121
37 @libero.it 490,151
38 @googlemail.com 430,112
39 @wp.pl 401,928
40 @live.com.mx 397,944
41 @yahoo.es 389,453
42 @yahoo.co.jp 351,781
43 @btinternet.com 349,642
44 @mail.com 343,346
45 @excite.com 335,215
46 @yahoo.com.mx 330,927
47 @qamail.msprod.msp 328,267
48 @peoplepc.com 325,192
49 @music.msprod.msp 324,173
50 @yahoo.ca 320,579
51 @tmail.com 314,187
52 @gmx.net 310,143
53 @netzero.com 308,410
54 @yahoo.it 307,122
55 @optonline.net 306,284

Get Early Access to the Guardian Platform

HEROIC is close to launching our next-generation platform where you can search, secure, and monitor all of your identities. To be the first in line, simply insert your email and you'll be added to the list

Please correct the marked field(s) below.

Be the first to know when we launch

HEROIC is still under development, but we are well underway. We estimate launching in early 2024. Subscribing lets you know when we launch, and how you can be the first to reserve your HERO's (special currency specific to the platform).

Sign Up for Our Newsletter

Email marketing by Interspire