From TalkTalk to J.D. Wetherspoon, high-profile data breaches and cyber attacks on businesses seem to have been coming thick and fast this year.
The next high-profile victim is MySpace, and of course the alleged millions of MySpace customers who have had some of their details stolen in a database hack.
Cyber Security Essential Now
As an IT Support Company in Hertfordshire we know that cyber crime is still increasing, and that many soft, old, and of course unexpected (and often unguarded) targets, such as the digital records and resources of businesses, are now being targeted with alarming frequency.
What Happened in the Attack on MySpace?
This latest attack on MySpace and the resulting breach are reported to be the work of Russian cyberhacker ‘Peace’, who is also reported to have been responsible for other recent attacks on LinkedIn and Tumblr.
News of the breach, which involved what appears to be the theft of customer details from an old MySpace database, was first made public by LeakedSource, who are reported to have received a copy of the breached data from one of their users.
LeakedSource offer a subscription service that enables people to search for their usernames on hacked sites to see if they have been compromised.
MySpace Confirmed Breach
After the rumours of the breach had appeared on the Internet, MySpace confirmed details of the breach in a blog post. The post stated that MySpace became aware on ‘Memorial Day Weekend’ (the last weekend in May) that user login data had been stolen from them and was being made available in “an online hacker forum”.
According to the MySpace blog post, the MySpace users whose details are most likely to have been stolen are those whose accounts were created prior to June 11, 2013 on the old MySpace platform.
What and How Much Was Taken?
The details stolen from affected accounts on the old MySpace platform database include email addresses, usernames, and passwords. MySpace have stated on their blog that no user financial information was involved in the breach because MySpace doesn’t collect, use or store any credit card information or user financial information of any kind.
According to LeakedSource, the details of 360,213,024 accounts and 427 million passwords (single accounts can have multiple passwords) were stolen in this attack. This of course makes the scale of the attack even bigger than the hack, also carried out by ‘Peace’, in which the details of 117 million LinkedIn accounts were stolen and then offered for sale on the dark web.
What Does This Mean For Your Business?
As an IT Support Company in Hertfordshire we know that it is unlikely that most people in their business or personal life can remember or will have kept a full and accurate record of all the websites and platforms that they have submitted personal details to. As such we all have to rely on organisations to comply with data protection laws to protect our personal data.
In the case of this particular hack, if you believe that you created a MySpace account prior to June 11, 2013 on the old MySpace platform, you are advised to return to MySpace to authenticate and reset your password here: https://myspace.com/forgotpassword.
This hack does emphasise how important cyber and data security measures are to all organisations and how we all must play our part in beating the cyber criminals. We all have legal and moral responsibilities to take adequate measures to protect the data of our customers, staff and stakeholders.
As this and other high-profile breaches (e.g. TalkTalk) have shown, failure to do so can mean damage to reputation, lost revenue, fines, loss of customers, and potentially the loss of the whole business.
It is also worth noting that the General Data Protection Regulation (GDPR) due to come into force in 2018 will mean that we will soon be able to take better and faster measures as individuals to protect our personal data that other companies hold by exercising our ‘right to be forgotten’.
The GDPR allows an individual to request that a company deletes any data about them. The GDPR will also mean that any organisation collecting personal data in the first place must have, and be able to prove, clear and affirmative consent to process personal data, and must explain clearly and exactly what personal data they are collecting and how it will be processed and used.