MySpace Breach

Back in 2008, MySpace — once the world's biggest social network — suffered a massive data breach that exposed hundreds of millions of user accounts. But the public didn’t hear about it for years. It wasn’t until May 2016 that the stolen data finally surfaced for sale on a dark web marketplace called "Real Deal," with a well-known hacker named "Peace" taking credit for the leak.

The breach compromised email addresses, usernames, and passwords — and the passwords, in particular, were badly protected. Many were hashed using an outdated SHA-1 algorithm and didn’t have proper salting, which made them much easier for attackers to crack. As a result, millions of users were left vulnerable to credential stuffing attacks, where hackers reuse stolen passwords to break into accounts across different sites.

At the time the breach came to light, MySpace was owned by Time Inc., which quickly launched an internal investigation. They confirmed the breach and said it impacted accounts created before June 11, 2013 — the date when MySpace upgraded its password security systems. In response, they invalidated the affected passwords and urged users to reset them, especially if they were using the same login information elsewhere.