Many younger readers of Scamicide may not even remember Myspace, but at one time Myspace was the biggest social networking website.  By 2009, however, it was overtaken by Facebook and its users have continued to decline in the years since then.  In 2013, it was bought by Time, Inc which is attempting to revitalize it.  When it was announced earlier this week that more than 360 million usernames and passwords from Myspace were being sold on the Dark Web to cybercriminals interested in turning that information into ammunition for identity thieves, many people were not very disturbed by the news.  But they should be.  Even though the usernames and passwords go back to prior to 2013 and, in many instances, much earlier, the problem is that because a lot of people use the same username and password for all of their accounts, this information could put present and former Myspace users in jeopardy of this information being used to gain access to the victims’ other accounts, such as online banking.


A great resource to find out if you have been affected by a data breach is “Have I Been Pawned” which compiles information on data breaches that allows you to find out if your information was contained in particular data breaches.  Here is a link to its website which you can use to find out if the Myspace data breach or other data breaches affect you.

Myspace is notifying users and has cancelled the passwords of affected accounts, however, if you do get an email purporting to be from Myspace asking you to input personal information such as passwords or other information, you have probably been contacted by a scammer merely trying to steal your information through spear phishing.  If you do receive and email from Myspace there is no way to be absolutely sure that it is legitimate, so if you believe you may have been affected by the data breach, you should go directly to Myspace’s website to change your username or password. Here is a link to the applicable portion of the Myspace website.

Finally, for all of us, this data breach is just another reminder that you should use a distinct and unique password for all of your accounts so that in the event of a data breach at one online service you use all of your online accounts will not be in jeopardy.