DataBreaches.Net

Readers get notifications, Wednesday edition

Posted on June 15, 2016 by Dissent

Readers send along their notifications from two recently disclosed breaches.

First, from MySpace:

From: Myspace Legal
Date: 2016/06/14 11:41 AM (GMT-05:00)
To: <redacted>
Subject: Critical Information About Your Myspace Account

Notice of Data Breach

You may have heard reports recently about a security incident involving
Myspace. We would like to make sure you have the facts about what happened,
what information was involved and the steps we are taking to protect your
information.

What Happened?

Shortly before the Memorial Day weekend (late May 2016), we became aware
that stolen Myspace user login data was being made available in an online
hacker forum. The data stolen included user login data from a portion of
accounts that were created prior to June 11, 2013 on the old Myspace
platform.

We believe the data breach is attributed to Russian Cyberhacker ‘Peace.’
This same individual is responsible for other recent criminal attacks such
as those on LinkedIn and Tumblr, and has claimed on the paid hacker search
engine LeakedSource that the data is from a past breach. This is an ongoing
investigation, and we will share more information as it becomes available.

What Information Was Involved?

Email addresses, Myspace usernames, and Myspace passwords for the affected
Myspace accounts created prior to June 11, 2013 on the old Myspace platform
are at risk. As you know, Myspace does not collect, use or store any credit
card information or user financial information of any kind. No user
financial information was therefore involved in this incident; the only
information exposed was users’ email address and Myspace username and
password.

What We Are Doing

In order to protect our users, we have invalidated all user passwords for
the affected accounts created prior to June 11, 2013 on the old Myspace
platform. These users returning to Myspace will be prompted to authenticate
their account and to reset their password by following instructions at
https://myspace.com/forgotpassword

Myspace is also using automated tools to attempt to identify and block any
suspicious activity that might occur on Myspace accounts.

We have also reported the incident to law enforcement authorities and are
cooperating to investigate and pursue this criminal act. As part of the
major site re-launch in the summer of 2013, Myspace took significant steps
to strengthen account security. The compromised data is related to the
period before those measures were implemented. We are currently utilizing
advanced protocols including double salted hashes (random data that is used
as an additional input to a one-way function that “hashes” a password or
passphrase) to store passwords. Myspace has taken additional security steps
in light of the recent report.

What You Can Do

We have several dedicated teams working diligently to ensure that the
information our members entrust to Myspace remains secure. Importantly, if
you use passwords that are the same or similar to your Myspace password on
other online services, we recommend you set new passwords on those accounts
immediately.

For More Information

If you have any questions, please feel free to contact our Data Security &
Protection team at [email protected] or visit our blog at
https://myspace.com/pages/blog.

Second, from Let’s Encrypt:

To Our Subscribers:

Last week, we wrote to inform you of an update to our subscriber agreement.
Unfortunately, there was a bug in our systems that inadvertently prepended
subscriber email addresses to the body of the email. You are receiving this
email because your address was one of those that was disclosed to a subset
of other Let’s Encrypt subscribers. It is unacceptable that this happened
to you, our users and allies in creating a more secure and
privacy-respecting Web.

Transparency is one of our core principles and that principle is
particularly important when we make mistakes. You deserve to know what
happened and what we’re doing to make sure it doesn’t happen again. That’s
why we created a public incident report within 90 minutes of first learning
about the problem and why we’ve posted a final report and improvement plan:

https://community.letsencrypt.org/t/email-address-disclosures-june-11-2016/

We are sorry for this error. We didn’t live up to your expectations and the
standards we set for ourselves. Please be assured that we’ve taken steps to
make sure this doesn’t happen again.

—
Josh Aas
Executive Director
Internet Security Research Group
Let’s Encrypt: A Free, Automated, and Open CA

Category: Business Sector, U.S.
