Over the last few weeks there have been some very large data dumps made public, with the data from past LinkedIn and Myspace breaches perhaps being the most notable. Due to the allegedly weak encryption used to protect the data, there is also concern that credentials from the Myspace dump in particular could be used in phishing attempts and attempts to log in to accounts on other popular services such as Facebook and Twitter.
While the data is aged, it is quite possible that some users may not have changed their passwords within the last three years.
