Remember Myspace? Yeah, it’s still a thing. And for months, the social network reportedly had a security flaw that made it ridiculously easy to hack into any profile with just a date of birth.
Security researcher Leigh-Anne Galloway first reported the flaw on her blog Monday morning. She said she’s been trying to get Myspace to fix it since April, but hasn’t heard back from anyone.
Galloway says the flaw resided within Myspace’s account recovery page. When a user tried to recover their account, they were asked to enter their full name, email, and date of birth. And apparently any account could be hijacked by just inputting the person’s birthday, Galloway says, because Myspace wasn’t validating users’ emails. After that, Myspace would just log you into the account and let you change the password and associated email.
But if you’re interested in testing the security flaw (or stealing someone’s account), hear this: As Galloway’s post was picked up by numerous news organisations, Myspace pulled the recovery page that Galloway cites in her post (myspace.com/account/recovery). We’re not sure when, exactly, Myspace made the change, but that URL now redirects to a “Log in” support page. The original form is still viewable via the Internet Archive’s Wayback Machine.
Another thing you should know about recovering old Myspace profiles is that there’s hardly any information left. When Myspace redesigned its site and rebranded as a music-focused social network, it changed everyone’s profiles to plain black and white, empty pallets.
The only things you might be able to recover are some old profile photos, videos, and music playlists, but your coded wallpaper, glittery GIFs from Photobucket, and your Top 5 are all gone. Regardless, you should probably try to recover your own account before someone else does and steals the three remaining pre-teen-era public photos of you.
This is not the first time Myspace’s security has been compromised. Last year, about 360 million account passwords were leaked. LeakedSource reported that it was considered one of the biggest data breaches in history.
“It seems Myspace wants us all to take security into our own hands,” Galloway wrote on her blog. “If there is a possibility that you still have account on Myspace, I recommend you delete your account immediately.”
More Cybersecurity Posts:
Ukrainian politicians have openly pinned the attack on the Russian government.
The US Government has been making such demands for a while, and now it's starting to get what it wants.
Crime Group Behind 'Petya' Ransomware Resurfaces to Distance Itself From This Week's Global Cyberattacks
Janus Cybercrime Solutions, the author of Petya resurfaced on Twitter late Wednesday night, seemingly offering to help those whose files can no longer be recovered.
Ransomware Victims Are Unable to Decrypt Files After Email Provider Controversially Shuts Down Attackers' Inbox
Another major cyberattack attack is quickly spreading across Europe and has now infected systems in the US as well.