What Happened
No MySpace data breach occurred in 2022. The major MySpace breach took place around 2008 (with dates cited as July 2008 or pre-June 11, 2013), affecting approximately 360 million accounts; it exposed email addresses, usernames, and weakly protected passwords (unsalted SHA-1 hashes of the first 10 lowercase characters), which surfaced for sale on the dark web “Real Deal” market in May 2016 by hacker “Peace” for 6 Bitcoin. MySpace responded by publicly disclosing the incident on May 31, 2016, invalidating passwords for pre-2013 accounts, notifying users, and enhancing security, though the outdated hashing enabled credential stuffing risks due to password reuse. Search results confirm no 2022 incident, only references to this historical event.
