Back before Facebook, Twitter and Instagram, one social network reigned supreme. It’s also one that just about everybody (but Tom!) has forgotten about. Yes, once upon a time people actually used Myspace. Maybe you did – and didn’t remember to actually delete your account when the world moved on.
Well, it looks like those accounts are prime for the picking. Security expert Leigh-Anne Galloway found out that the old social networking site’s recovery process is so fundamentally flawed that all anyone needs to recover your account is your real name, user name and birthday. Those are three pretty easy bits of information to get.
There’s truthfully not too much that can be done with a dormant MySpace account, unless you’ve still got pertinent information stored in your profile, but if you want to be on the safe side you should probably delete your old accounts. Galloway discovered the flaw in April and contacted Myspace about it, though they haven’t responded.
“So how seriously does Myspace take security? Not seriously at all. I sent an email to Myspace in April documenting this vulnerability and received nothing more than an automated response. This has lead me to disclose the vulnerability while it still exists. It seems Myspace wants us all to take security into our own hands. If there is a possibility that you still have account on Myspace, I recommend you delete your account immediately.
Perhaps this situation is not surprising as most of us no longer use Myspace. So why does this matter? Myspace is an example of the kind of sloppy security many sites suffer from, poor implementation of controls, lack of user input validation, and zero accountability. Whilst Myspace is no longer the number one social media site, they have a duty of care to users past and present.”
They did, however, respond to Engadget who pressed for comment.
“In response to some recent concerns raised regarding Myspace user account reactivation, we have enhanced our process by adding an additional verification step to avoid improper access. We take data security very seriously at Myspace. We plan to continue to refine and improve this process over time.”
Last Updated: July 18, 2017
Frik van der Hewerskink
July 18, 2017 at 15:49
MySpace, now that’s a name I haven’t heard in a long long time.