MySpace has been identified as the victim of the latest high-profile data security breach.
News of the breach, which involved what appears to be the theft of customer details from an old MySpace database, was first made public by LeakedSource, who are reported to have received a copy of the breached data from one of their users. LeakedSource offer a subscription service that enables people to search for their usernames on hacked sites to see if they have been compromised.
MySpace Confirmed Breach
After rumours of the breach had appeared on the Internet, MySpace confirmed details of the breach in a blog post. The post stated that MySpace became aware on ‘Memorial Day Weekend’ (the last weekend in May) that user login data had been stolen from them and was being made available in “an online hacker forum”.
Russian Cyberhacker ‘Peace’
The MySpace blog post attributed the hack and theft to the Russian Cyberhacker ‘Peace’, who is also reported to have been responsible for other recent attacks on LinkedIn and Tumblr.
Who Could Be Affected?
According to the MySpace blog post, the MySpace users whose details are most likely to have been stolen are those whose accounts were created prior to June 11, 2013 on the old MySpace platform.
Type and Scale of the Breach
The details stolen from affected accounts on the old MySpace platform database include email addresses, usernames, and passwords. MySpace have stated on their blog that no user financial information was involved in the breach because MySpace doesn’t collect, use or store any credit card information or user financial information of any kind.
According to LeakedSource, the details of 360,213,024 accounts and 427 million passwords (single accounts can have multiple passwords) were stolen in this attack. This of course makes the scale of the attack even bigger than the hack also carried out by ‘Peace’ where the details of 117 million hacked LinkedIn accounts were stolen and then offered for sale on the dark web.
What Does This Mean For Your Business?
It is unlikely that many of us can remember, or have kept a full and accurate record of, all the websites and platforms that we have submitted our personal details to, and as such we have to rely on those organisations to comply with data protection laws to protect our data.
In the case of this particular hack, if you believe that you created a MySpace account prior to June 11, 2013 on the old MySpace platform, you are advised to return to MySpace to authenticate your account and reset your password here: https://myspace.com/forgotpassword.
This hack does emphasise how important cyber and data security measures are to all organisations and how we all must play our part in beating the cyber criminals. We all have legal and moral responsibilities to take adequate measures to protect the data of our customers, staff and stakeholders.
As this and other high-profile breaches (e.g. TalkTalk) have shown, failure to do so can mean damage to reputation, lost revenue, fines, loss of customers, and potentially the loss of the whole business.
It is also worth noting that the General Data Protection Regulation (GDPR) due to come into force in 2018 will mean that we will soon be able to take better and faster measures as individuals to protect our personal data that other companies hold by exercising our ‘right to be forgotten’.
The GDPR allows an individual to request that a company deletes any data about them. The GDPR will also mean that any organisation collecting personal data in the first place must have, and be able to prove, clear and affirmative consent to process personal data, and must explain clearly and exactly what personal data they are collecting and how it will be processed and used.