Large myspace email & password dump - change your passwords now


Cameron

Jul 5, 2016, 4:13:24 AM
to mlug-au
There's been a recent large dump from myspace - containing email addresses and SHA1 hashed passwords (and some plain text passwords too).

See https://myspace.thecthulhu.com/ for the magnet / torrent links.

The text file dump is a little dirty, some example (fake) contents:-


1337::1337:'':''

31337:ema...@hotmail.com:31337:'':''

314159265:ema...@hotmail.com:314159265:0xB1B3773A05C0ED0176787A4F1574FF0075F7521E:''

1234567890:ema...@hotmail.com:secretpassword:0xE5E9FA1BA31ECD1AE84F75CAAA474F3A663F05F4

2345678901:ema...@hotmail.com:2345678901:0xBBCCDF2EFB33B52E6C9D0A14DD70B2D415FBEA6E:0x5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8


After some grepping, I found an email address that someone I know had used that was in the list.

With their permission, and after advising the holder of that email address, I requested to decrypt their passwords.

  1. Grep for email addresses that you're interested in, and dump them into a small text file
  2. Sanitize the text file so it looks a bit like this:- ema...@hotmail.com:B1B3773A05C0ED0176787A4F1574FF0075F7521E
  3. Run John the Ripper to extract those passwords (for 16 threads): john --fork=16 crackme.txt
  4. Once finished, view the cracked passwords: john --show crackme.txt
  5. It should be possible to crack passwords faster with your GPU and hashcat

Thankfully in this case the passwords are no longer used, and the respective email address had long been treated as a spam hole.



So in short, if you know of anyone that's ever used myspace, be sure that they:

  • Prepare for a torrent of spam heading their way
  • Change their myspace password (if they're still with myspace)
  • Use dissimilar passwords for other things; if not, those passwords need to be updated.
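
An added example, not part of the original post: a way to check your own exposure against the dump format quoted above without cracking anything, by hashing passwords you already know you have used and comparing them with the entry for your address. The addresses and passwords are constructed, the field layout (id:email:name-or-password:0xSHA1:0xSHA1, with '' for empty) is assumed from the sample lines in the post, and plain unsalted SHA1 over the password is an assumption.

```python
import hashlib
import re

# Hash fields in the post's sample look like 0x + 40 hex digits (SHA1).
HASH_FIELD = re.compile(r"^0x([0-9A-Fa-f]{40})$")


def sha1_hex(password):
    # Assumption: plain unsalted SHA1 over the UTF-8 password.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def parse_line(line):
    """Return (email, set of lowercase SHA1 hex) or None for unusable lines."""
    fields = line.strip().split(":")
    if len(fields) < 2 or "@" not in fields[1]:
        return None  # e.g. "1337::1337:'':''" has no address
    hashes = set()
    for field in fields[2:]:
        match = HASH_FIELD.match(field.strip())
        if match:  # skips '' placeholders and plain-text columns
            hashes.add(match.group(1).lower())
    return fields[1].strip().lower(), hashes


def exposed_passwords(lines, email, known_passwords):
    """Which of my own known passwords hash to a value stored for email?"""
    stored = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[0] == email.lower():
            stored |= parsed[1]
    return [p for p in known_passwords if sha1_hex(p) in stored]


# Constructed sample in the same shape as the lines quoted in the post.
SAMPLE = [
    "1337::1337:'':''",
    "31337:alice@example.com:31337:'':''",
    "314159265:bob@example.com:314159265:0x%s:''" % sha1_hex("qwerty").upper(),
    "2345678901:carol@example.com:2345678901:0x%s:0x%s"
    % (sha1_hex("old-pass").upper(), sha1_hex("password").upper()),
]

if __name__ == "__main__":
    print(exposed_passwords(SAMPLE, "carol@example.com", ["password", "tr0ub4dor"]))
```

Any password this reports as matching should be treated as burned everywhere it was reused, which is the point of the last bullet above.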

Danny Robson

Jul 5, 2016, 4:37:14 AM
to mlu...@googlegroups.com
On Tue, 5 Jul 2016 01:13:23 -0700 (PDT)
Cameron <rhubarb.rhubarb...@gmail.com> wrote:

> There's been a recent large dump from myspace - containing email
> addresses and SHA1 hashed passwords (and some plain text passwords
> too).
>
> See https://myspace.thecthulhu.com/ for the magnet / torrent links.

If you're looking for a fast way to check this and other dumps:
https://haveibeenpwned.com/

I can't verify it works 100%, but it's detected some of my older
accounts in known password dumps.