In case you didn’t already have enough reasons to delete your embarrassing abandoned Myspace account, here’s a really good one – it is incredibly easy to hack into, which can make you a victim of personal information theft.
It’s been a really long time since the website’s popularity hit its peak and then rapidly spiraled downwards, but there are still millions of accounts that haven’t been deactivated yet.
In case you’re feeling nostalgic and want to check who was in your top eight friends back in 2007, Myspace has you covered: it offers an account recovery mechanism for those who can’t access their old associated email address.
Leigh-Anne Galloway, a security researcher, warns of how easy it is to abuse this recovery tool: the only information a hacker has to know in order to access the desired account is the target’s full name, username, and date of birth. This is why it deserves its own place in history, Galloway says, slamming the site.
Galloway explains in a blog post that all of this information can easily be found by googling. The username is part of the profile’s URL, and the name is on the profile page. The date of birth is the only thing that might give a hacker some trouble, but it is not impossible to find.
Galloway tried to inform Myspace of the fatal flaw in its security system by contacting the company almost three months ago, without ever getting an answer or seeing the issue fixed. Myspace doesn’t take security seriously at all, Galloway concluded.
All of this led Galloway to become vocal about the issue, spreading the word and recommending that everyone who still has an account delete it as soon as possible.
One doesn’t have to go too far back to see that Galloway is right: just last year Myspace was hacked, and 360 million account and password details were released. The accidental owners of Myspace, Time Inc, blamed a Russian hacker for the attack.
As they say, they believe that the attack was carried out by a Russian hacker under the nickname “Peace”. Reportedly, the person behind the name is also responsible for other hacks of LinkedIn and Tumblr and has bragged about the data being collected from a past breach on the paid hacker search engine.