As many as 360 million MySpace accounts turned up for sale Friday in a 33-gigabyte dump online, according to reports that were confirmed Monday by MySpace's parent, Time Inc. The leak includes passwords, email addresses and usernames that were swiped from MySpace in a hack dating back to June 2013, before MySpace made a site redesign that closed some security gaps.
In a blog post, MySpace said it's disabled the affected passwords so that nobody can use the leaked credentials to gain unauthorized access to accounts.
It's unclear how many of the accounts in the MySpace hack were still "active," in the sense that they belong to people who continue to log into the service today. But chances are at least some of these accounts hadn't been touched for years. The reason this makes you vulnerable is the same reason experts say you shouldn't use the same username and password for every online service - it makes it easy to take one set of stolen credentials and plug them into others, potentially gaining access to the entire portfolio of your digital life.
In that light, it seems there's a strong case for deleting your old, unused accounts - or at least creating a throwaway email address to associate with the services you don't use so that they're insulated from the email addresses you use for more important things. Not only does it potentially cut down on the number of credentials you have to remember (though hopefully you're solving that by using a password manager, right?), but it helps limit your exposure to hackers. By changing the credentials on your old accounts and disassociating them from the present-day you, you help make sure none of your other Internet identities are put at risk.
Personal data from the MySpace breach was going for sale to the tune of thousands of dollars, highlighting how even outdated information can still carry significant value. But whether your old data gets used for marketing, fraud or some other nefarious purpose is still at least partly within your control.
© 2016 The Washington Post