Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
If you're suffering from data-breach fatigue, tough luck. LeakedSource, the shadowy website that broke the recent news of the LinkedIn and MySpace breaches, today (June 13) announced that 51 million account credentials for iMesh, a defunct file-sharing service, were being sold online.
If you had an iMesh account and you used the same username and password elsewhere, go change the passwords on those accounts immediately.
MORE: How to Create and Remember Super-Secure Passwords
Briefly, iMesh was a peer-to-peer file-sharing client that started up in the Napster days, surived a record-industry lawsuit and went "legit" in 2004. But it quietly shut down earlier this year, without much explanation.
The company hashed its user passwords with the MD5 algorithm, for which the first weakness was found in 2005. The number of MD5 flaws has built up since then, and no company should have been using the algorithm in 2013, when the iMesh data breach seems to have happened.
"Passwords were stored in multiple MD5 rounds with salting," read a LeakedSource blog post. "'Salting' makes decrypting passwords exponentially harder when dealing with large numbers such as these, and is better than what LinkedIn and MySpace did, but MD5 itself is not nearly hard enough for modern computing. The methods iMesh used, albeit 3 years ago, were still insufficient for the times."
LeakedSource's list of the most common iMesh passwords is depressing. Close to a million accounts (or about 2 percent) used "123456", more than 300,000 used "123456789", and so on. Except for "password" at No. 5 with 86,000 users, all the top 10 iMesh passwords were similarly common numerical sequences.
If you had an iMesh account, and your password was that bad, and you used that same brain-dead password and username on other accounts, then those other accounts have probably already been hacked.
Because the iMesh accounts included email addresses, IP addresses and country locations, LeakedSource established that the data dump included 13.7 million American users, nearly 4 million Turkish users and 3.6 million British users.
Hotmail was the most common email-address domain, followed by Yahoo. Gmail was a distant third, a sign that the bulk of the iMesh users signed up before Gmail was opened up to the general public in 2007.
