DataBreaches.Net

Readers get notifications, Wednesday edition

Posted on June 15, 2016 by Dissent

Readers send along their notifications from two recently disclosed breaches.

First, from MySpace:

From: Myspace Legal
Date: 2016/06/14 11:41 AM (GMT-05:00)
To: <redacted>
Subject: Critical Information About Your Myspace Account

Notice of Data Breach

You may have heard reports recently about a security incident involving
Myspace. We would like to make sure you have the facts about what happened,
what information was involved and the steps we are taking to protect your
information.

What Happened?

Shortly before the Memorial Day weekend (late May 2016), we became aware
that stolen Myspace user login data was being made available in an online
hacker forum. The data stolen included user login data from a portion of
accounts that were created prior to June 11, 2013 on the old Myspace
platform.

We believe the data breach is attributed to Russian Cyberhacker ‘Peace.’
This same individual is responsible for other recent criminal attacks such
as those on LinkedIn and Tumblr, and has claimed on the paid hacker search
engine LeakedSource that the data is from a past breach. This is an ongoing
investigation, and we will share more information as it becomes available.

What Information Was Involved?

Email addresses, Myspace usernames, and Myspace passwords for the affected
Myspace accounts created prior to June 11, 2013 on the old Myspace platform
are at risk. As you know, Myspace does not collect, use or store any credit
card information or user financial information of any kind. No user
financial information was therefore involved in this incident; the only
information exposed was users’ email address and Myspace username and
password.

What We Are Doing

In order to protect our users, we have invalidated all user passwords for
the affected accounts created prior to June 11, 2013 on the old Myspace
platform. These users returning to Myspace will be prompted to authenticate
their account and to reset their password by following instructions at
https://myspace.com/forgotpassword

Myspace is also using automated tools to attempt to identify and block any
suspicious activity that might occur on Myspace accounts.

We have also reported the incident to law enforcement authorities and are
cooperating to investigate and pursue this criminal act. As part of the
major site re-launch in the summer of 2013, Myspace took significant steps
to strengthen account security. The compromised data is related to the
period before those measures were implemented. We are currently utilizing
advanced protocols including double salted hashes (random data that is used
as an additional input to a one-way function that “hashes” a password or
passphrase) to store passwords. Myspace has taken additional security steps
in light of the recent report.

What You Can Do

We have several dedicated teams working diligently to ensure that the
information our members entrust to Myspace remains secure. Importantly, if
you use passwords that are the same or similar to your Myspace password on
other online services, we recommend you set new passwords on those accounts
immediately.

For More Information

If you have any questions, please feel free to contact our Data Security &
Protection team at [email protected] or visit our blog at
https://myspace.com/pages/blog.

Second, from Let’s Encrypt:

To Our Subscribers:

Last week, we wrote to inform you of an update to our subscriber agreement.
Unfortunately, there was a bug in our systems that inadvertently prepended
subscriber email addresses to the body of the email. You are receiving this
email because your address was one of those that was disclosed to a subset
of other Let’s Encrypt subscribers. It is unacceptable that this happened
to you, our users and allies in creating a more secure and
privacy-respecting Web.

Transparency is one of our core principles and that principle is
particularly important when we make mistakes. You deserve to know what
happened and what we’re doing to make sure it doesn’t happen again. That’s
why we created a public incident report within 90 minutes of first learning
about the problem and why we’ve posted a final report and improvement plan:

https://community.letsencrypt.org/t/email-address-disclosures-june-11-2016/

We are sorry for this error. We didn’t live up to your expectations and the
standards we set for ourselves. Please be assured that we’ve taken steps to
make sure this doesn’t happen again.

—
Josh Aas
Executive Director
Internet Security Research Group
Let’s Encrypt: A Free, Automated, and Open CA

Category: Business Sector, U.S.
