Of course this is all assuming an even distribution of accounts over services at similar times which will never be before LinkedIn was. What we really need though is more data from between 20.
There are still 25M accounts in the MySpace data so the incident certainly happened after that early 2007 time frame (I recall there were a lot of people in the beta, but I doubt it was enough for 25M of them to have MySpace accounts), but how much after?
Going back to another recent large incident, here's how the data on LinkedIn breaks down:

This is obviously a really different split; Gmail is now well and truly out front, which is more commensurate with what we'd expect today.
Keep in mind that LinkedIn was hacked in May 2012 so now we have a window somewhere between then and 2007.
There are likely some interesting insights to take away from the passwords alone, but it's the email addresses that can help us actually date the thing.
When we look at the top 3 email addresses in the MySpace breach by domain, we see an interesting distribution:

What's up with Gmail?!
Here we have the world's largest provider of email addresses and it has only a fifth the prevalence of Yahoo addresses.

Think of the email account distribution like this:

But what we need to remember with Gmail is that they're a relatively new player.

It's been a crazy time for data breaches and, as I wrote yesterday, we've seen a very distinct pattern of historical mega breaches lately. Fling in 2011, LinkedIn in 2012, tumblr in 2013 and the mother of them all, MySpace in, well, we don't quite know.

Firstly, the only data in the breach is an incrementing ID (possibly an internal MySpace identifier which would enable us to date it), an email address, username and one or two passwords. There's been no information forthcoming from anyone about when this breach actually occurred and there are no explicit indicators in the data dump either (sometimes there are timestamps on account creation or website activity).

The passwords are stored as SHA1 hashes of the first 10 characters of the password converted to lowercase. That's right, truncated and case-insensitive passwords stored without a salt.
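
To make the storage scheme described above concrete, here is an added example (not code from the original post or from MySpace) that implements it next to a salted, slow alternative. It assumes truncation happens before lowercasing and that passwords are UTF-8 encoded. PBKDF2 is my choice for the contrast, and the function names and sample passwords are constructed.

```python
import hashlib
import hmac
import os
from collections import defaultdict


def legacy_hash(password):
    """Unsalted SHA1 over the first 10 characters, lowercased, as the post describes.
    Assumptions: truncate before lowercasing, UTF-8 encoding."""
    return hashlib.sha1(password[:10].lower().encode("utf-8")).hexdigest()


def collision_groups(passwords):
    """Group distinct passwords that the legacy scheme stores as the same hash."""
    groups = defaultdict(list)
    for pw in passwords:
        groups[legacy_hash(pw)].append(pw)
    return dict(groups)


def hardened_hash(password, salt=None, iterations=600_000):
    """Per-account random salt plus PBKDF2-HMAC-SHA256 over the full password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def hardened_verify(password, salt, expected, iterations=600_000):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hardened_hash(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


# Constructed sample passwords: they differ only in case or after character 10.
SAMPLES = ["CorrectHorseBattery", "correcthorSEstaple", "CORRECTHORxyz"]

if __name__ == "__main__":
    for digest, pws in collision_groups(SAMPLES).items():
        print(digest, "<-", pws)
    salt, stored = hardened_hash(SAMPLES[0])
    print("hardened accepts variant:", hardened_verify(SAMPLES[1], salt, stored))
```

All three sample passwords collapse to one stored value under the legacy scheme, and without a salt that value is identical for every account that shares the same first ten characters.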