
360m 'forgotten' MySpace accounts compromised

By Lauren Kate Rawlins, ITWeb digital and innovation contributor.
Johannesburg, 31 May 2016
Up to 360 million e-mail addresses, usernames and passwords from forgotten MySpace accounts are on sale.

Over 360 million credentials from the once popular social network, MySpace, have been compromised.

A cyber criminal is selling all the data, which comprises e-mail addresses, passwords and usernames, on the dark Web for a total of six Bitcoin (R51 490).

In 2007, MySpace was valued at $12 billion and had over 300 million registered users. It was subsequently crushed by newcomer, Facebook.

The data leak was reported by LeakedSource, a Web site that collects information from data breaches and puts it in a searchable repository so users can check if their information was part of it.

Jason Jordaan, principal forensic scientist at DFIR Labs, says the problem with the Internet is that information cannot be deleted. The personal data users put into MySpace when they signed up years ago is still there, he notes.

"If I [as a hypothetical hacker] can compromise a system that is largely forgotten, then I can use that information elsewhere.

"Hackers rely on human nature to use the same passwords and usernames, and variations of them, across accounts."

LeakedSource stated in its analysis of the data that MySpace had not gone to lengths to encrypt users' information. "The methods MySpace used for storing passwords are not what Internet standards propose."

It went on to say: "We noticed that very few passwords were over 10 characters in length (in the thousands) and nearly none contained an upper case character which makes it much easier for people to decrypt."

It is not known yet when the breach happened; it could have been years ago.

The MySpace news follows a series of major data breaches in the last few months. Last week, it was reported that 117 million LinkedIn account credentials, from a breach in 2012, were sold on the dark Web. Similarly, data from a breach on Tumblr in 2013 exposed over 50 million accounts.

Troy Hunt, an Australian security expert, wrote in a blog post this week that the cyber criminal who was selling the LinkedIn data was also behind the MySpace leak, and goes under the name 'peace_of_mind' on dark Web marketplaces.

"By all accounts, this individual is peddling a quality product," writes Hunt.

Jordaan believes we will see more data breaches like this one come to light. "My personal take is that we will see more because it is easier to do, there is more data out there, and organisations will be required by law to report them.

"So not necessarily an increase in actual breaches but an increase in our knowledge of them."

Previous MySpace users can check if their data was compromised in the leak here.
