Torrent with 427 million MySpace passwords
Good people laid out in the open access database of MySpace passwords , which for some time went to underground forums and sold for a lot of money. Now it is free and open to all.
The base with 427 million passwords is the largest collection of passwords in the entire history of leaks from various sites, of which there have been many in recent years.
Myspace.com.rar (14.2 GB)
RAR archive password: KLub8pT & iU $ 8oBY (* $ NOiu
')
SHA1: 8C7E FFE4 3486 C617 E1B4 E295 DBF7 9E10 01AC 86BD
SHA256: 5FA0 5F95 1EFD DA18 8A2E 3D50 8948 1A4F AACA 311E C559 205F EB15 B2BB F7DE EC61
Torrent
magnet:? xt = urn: btih: 17E6FC94DAE0A3168301012C290A53A2BD314A28
Login / password pairs can be checked on Mail.ru, Gmail and other mailboxes on various websites, including Vkontakte and TeamViewer. The leak of MySpace passwords occurred relatively recently: June 11, 2013 , but the lion's share of passwords was established much earlier, when MySpace was still a popular site on the Internet. Recall that before the advent of Facebook, it was the most popular social network in the world.
Although most of the passwords are set a long time ago, some users use the same nickname and standard password on many sites for many years, so these passwords are found a few years later on new sites that started working after MySpace. In other words, the password database has not only academic, but also practical value for pentesting.
Of course, a giant collection of passwords is of interest to researchers and scientists. Previously, research was conducted on this topic and lists of the most popular passwords on less voluminous bases were compiled.
A collection of ready-made passwords, ranked by popularity, is great for replenishing dictionaries in programs for bruteforce.
Total MySpace database contains 360 213 024 accounts. For each of them, an email address, a username, the first password and, in some cases, a second password can be specified.
Passwords were stored as SHA1 hashes without salt, that is, they are relatively easy to bring to their original form. In reality, 99% of the hashes were decrypted in a few days.
Storing passwords in this form does not comply with generally accepted modern information security rules.
Experts who first accessed the database and carried out its analysis noted that a very small number of passwords has a length of more than ten characters.
Experts also suggest that a large number of accounts with the same homelesspa password were automatically generated, because the email addresses for these accounts follow the same pattern.
At the end of many passwords the number “1” is indicated. Most likely, MiSpace demanded that passwords necessarily contain letters and numbers to increase security and increase entropy.
The most popular passwords from MySpace
Most popular email domains from MySpace account database
Each user is recommended to download the database with passwords and check how often it contains its own password. It is a secure way to verify your password without issuing it to the online verification service LeakedSource .
The appearance of passwords in the public domain after hacking the site is just a matter of time. In this case, three years have passed from hacking to making them publicly available. “This is the nature of information,” said hacker Tessa88, who declassified the base. “Three can keep a secret only if two of them have died.” As soon as the data is sold a couple of times, in the end it will fall into the hands of someone not so reliable as to keep the secret, and then the information is distributed to tree branches [that is, in a geometric progression - approx. trans.]
MySpace has not yet commented on the fact of hacking and information leaks. It was the largest website on the Internet about a decade ago, but since then its attendance has dropped dramatically. MySpace recently announced a billion registered users, but it can be assumed with a high degree of confidence that much more than half of them are dead accounts left a long time ago. Last year, MySpace’s active monthly audience was only 50 million people .
The base with 427 million passwords is the largest collection of passwords in the entire history of leaks from various sites, of which there have been many in recent years.
Myspace.com.rar (14.2 GB)
RAR archive password: KLub8pT & iU $ 8oBY (* $ NOiu
')
Download
SHA1: 8C7E FFE4 3486 C617 E1B4 E295 DBF7 9E10 01AC 86BD
SHA256: 5FA0 5F95 1EFD DA18 8A2E 3D50 8948 1A4F AACA 311E C559 205F EB15 B2BB F7DE EC61
Torrent
magnet:? xt = urn: btih: 17E6FC94DAE0A3168301012C290A53A2BD314A28
Login / password pairs can be checked on Mail.ru, Gmail and other mailboxes on various websites, including Vkontakte and TeamViewer. The leak of MySpace passwords occurred relatively recently: June 11, 2013 , but the lion's share of passwords was established much earlier, when MySpace was still a popular site on the Internet. Recall that before the advent of Facebook, it was the most popular social network in the world.
Although most of the passwords are set a long time ago, some users use the same nickname and standard password on many sites for many years, so these passwords are found a few years later on new sites that started working after MySpace. In other words, the password database has not only academic, but also practical value for pentesting.
Of course, a giant collection of passwords is of interest to researchers and scientists. Previously, research was conducted on this topic and lists of the most popular passwords on less voluminous bases were compiled.
A collection of ready-made passwords, ranked by popularity, is great for replenishing dictionaries in programs for bruteforce.
Total MySpace database contains 360 213 024 accounts. For each of them, an email address, a username, the first password and, in some cases, a second password can be specified.
- User names - 111 341 258
- Accounts with a second password - 68,493,651 (in some accounts only the second password is indicated and the first is not indicated)
- The total number of passwords - 472 484 128
Passwords were stored as SHA1 hashes without salt, that is, they are relatively easy to bring to their original form. In reality, 99% of the hashes were decrypted in a few days.
Storing passwords in this form does not comply with generally accepted modern information security rules.
Experts who first accessed the database and carried out its analysis noted that a very small number of passwords has a length of more than ten characters.
Experts also suggest that a large number of accounts with the same homelesspa password were automatically generated, because the email addresses for these accounts follow the same pattern.
At the end of many passwords the number “1” is indicated. Most likely, MiSpace demanded that passwords necessarily contain letters and numbers to increase security and increase entropy.
The most popular passwords from MySpace
| A place | Password | amount |
|---|---|---|
| one | homelesspa | 855478 |
| 2 | password1 | 585503 |
| 3 | abc123 | 569825 |
| four | 123456 | 487945 |
| five | myspace1 | 276915 |
| 6 | 123456a | 244641 |
| 7 | 123456789 | 191016 |
| eight | a123456 | 165132 |
| 9 | 123abc | 159700 |
| ten | (POSSIBLY INVALID) | 158462 |
| eleven | qwerty1 | 141110 |
| 12 | passer2009 | 130740 |
| 13 | fuckyou1 | 125302 |
| 14 | iloveyou1 | 123668 |
| 15 | princess1 | 114107 |
| sixteen | 12345a | 111818 |
| 17 | monkey1 | 106424 |
| 18 | football1 | 101149 |
| nineteen | babygirl1 | 90685 |
| 20 | love123 | 88756 |
| 21 | a12345 | 85874 |
| 22 | I love you | 85001 |
| 23 | jordan23 | 81028 |
| 24 | hello1 | 80218 |
| 25 | jesus1 | 78075 |
| 26 | bitch1 | 78015 |
| 27 | password | 77913 |
| 28 | iloveyou2 | 76970 |
| 29 | michael1 | 75878 |
| thirty | soccer1 | 74926 |
| 31 | blink182 | 73145 |
| 32 | 29rsavoy | 71551 |
| 33 | 123qwe | 70476 |
| 34 | angel1 | 70271 |
| 35 | myspace | 69019 |
| 36 | fuckyou2 | 68995 |
| 37 | jessica1 | 67644 |
| 38 | number1 | 65976 |
| 39 | baseball1 | 65400 |
| 40 | asshole1 | 63078 |
| 41 | 1234567890 | 62855 |
| 42 | ashley1 | 62611 |
| 43 | anthony1 | 62295 |
| 44 | money1 | 61639 |
| 45 | asdasd5 | 60810 |
| 46 | 123456789a | 60441 |
| 47 | superman1 | 59565 |
| 48 | sunshine1 | 57522 |
| 49 | nicole1 | 56039 |
| 50 | password2 | 55754 |
| 51 | charlie1 | 54432 |
| 52 | shadow1 | 54398 |
| 53 | jordan1 | 54004 |
| 54 | 1234567 | 51131 |
| 55 | 50cent | 50719 |
Most popular email domains from MySpace account database
| A place | Mail domain | amount |
|---|---|---|
| one | @ yahoo.com | 126 053 325 |
| 2 | @ hotmail.com | 79,747,231 |
| 3 | @ gmail.com | 25 190 557 |
| four | @ aol.com | 24 115 704 |
| five | @ aim.com | 5 345 585 |
| 6 | @ live.com | 4,728,497 |
| 7 | @ hotmail.co.uk | 4,701,850 |
| eight | @ msn.com | 4,378,167 |
| 9 | @ myspace.com | 4,257,451 |
| ten | @ comcast.net | 3,275,651 |
| eleven | @ ymail.com | 2,866,796 |
| 12 | @ sbcglobal.net | 2,793,292 |
| 13 | @ hotmail.fr | 2 335 422 |
| 14 | @ web.de | 1,486,602 |
| 15 | @ rocketmail.com | 1 420 819 |
| sixteen | @ yahoo.co.uk | 1,384,943 |
| 17 | @ verizon.net | 1,255,478 |
| 18 | @ cox.net | 1,082,304 |
| nineteen | @ mail.ru | 1,040,442 |
| 20 | @ hotmail.it | 1 018 406 |
| 21 | @ bellsouth.net | 961 018 |
| 22 | @ gmx.de | 959 852 |
| 23 | @ hotmail.de | 852,256 |
| 24 | @NONE | 790 159 |
| 25 | @ yahoo.fr | 741 962 |
| 26 | @ att.net | 685 951 |
| 27 | @ earthlink.net | 652 769 |
| 28 | @ hotmail.es | 612,748 |
| 29 | @ yahoo.co.id | 604,816 |
| thirty | @ yahoo.com.my | 601 114 |
| 31 | @ yahoo.com.br | 551 956 |
| 32 | @ charter.net | 548 031 |
| 33 | @ yahoo.de | 543,823 |
| 34 | @ live.fr | 518 523 |
| 35 | @ netscape.net | 510 577 |
| 36 | @ live.co.uk | 502 121 |
| 37 | @ libero.it | 490,151 |
| 38 | @ googlemail.com | 430 112 |
| 39 | @ wp.pl | 401,928 |
| 40 | @ live.com.mx | 397 944 |
| 41 | @ yahoo.es | 389 453 |
| 42 | @ yahoo.co.jp | 351,781 |
| 43 | @ btinternet.com | 349 642 |
| 44 | @ mail.com | 343 346 |
| 45 | @ excite.com | 335 215 |
| 46 | @ yahoo.com.mx | 330 927 |
| 47 | @ qamail.msprod.msp | 328 267 |
| 48 | @ peoplepc.com | 325 192 |
| 49 | @ music.msprod.msp | 324 173 |
| 50 | @ yahoo.ca | 320 579 |
| 51 | @ tmail.com | 314 187 |
| 52 | @ gmx.net | 310 143 |
| 53 | @ netzero.com | 308 410 |
| 54 | @ yahoo.it | 307 122 |
| 55 | @ optonline.net | 306 284 |
Each user is recommended to download the database with passwords and check how often it contains its own password. It is a secure way to verify your password without issuing it to the online verification service LeakedSource .
The appearance of passwords in the public domain after hacking the site is just a matter of time. In this case, three years have passed from hacking to making them publicly available. “This is the nature of information,” said hacker Tessa88, who declassified the base. “Three can keep a secret only if two of them have died.” As soon as the data is sold a couple of times, in the end it will fall into the hands of someone not so reliable as to keep the secret, and then the information is distributed to tree branches [that is, in a geometric progression - approx. trans.]
MySpace has not yet commented on the fact of hacking and information leaks. It was the largest website on the Internet about a decade ago, but since then its attendance has dropped dramatically. MySpace recently announced a billion registered users, but it can be assumed with a high degree of confidence that much more than half of them are dead accounts left a long time ago. Last year, MySpace’s active monthly audience was only 50 million people .
Source: https://habr.com/ru/post/395869/
All Articles