It’s probably been several years since you’ve thought about MySpace, if you ever really have. But now the almost-defunct social network is back in the news for all the wrong reasons.
Hackers are putting up for sale hundreds of millions of passwords from the social network. These passwords were reportedly not encrypted in the most secure way possible, and that makes them relatively easy to crack.
On top of that, account usernames were also available, many with multiple associated passwords.
Well, so what?
On the face of it, there isn’t a ton of valuable information to be gleaned from someone’s MySpace account (other than some embarrassing messages exchanged a decade ago). But the problem is of course that not everyone is careful with their password practices.
With hundreds of millions of usernames and passwords floating out there, you can be sure that some of your staffers are repeating the same credentials over and over – and probably have been for years.
Even if they were security-conscious enough to come up with hard-to-crack passwords in the early aughts, these stolen credentials could be used against them today. All it would take is plugging the same username and password from MySpace into various email or cloud services and seeing what comes up.
Unique is key
The takeaway for IT pros: A strong password doesn’t protect against users who repeat it over and over again. That makes regular password changes for work applications very important.
And when possible, two-factor authentication should be used to ensure these ghosts of internet security past don’t wind up biting you in the future.