MySpace Nukes Massive Security Loophole (But Go Delete Your Stuff Anyway)


Remember Myspace? Yeah, it’s still a thing. And for months, the social network reportedly had a security flaw that made it ridiculously easy to hack into any profile with just a date of birth.


Security researcher Leigh-Anne Galloway first reported the flaw on her blog on Monday. She said she’s been trying to get Myspace to fix it since April, but hasn’t heard back from anyone.

Galloway says the flaw resided within Myspace’s account recovery page. When a user tried to recover their account, they were asked to enter their full name, email, and date of birth. And apparently any account could be hijacked by just inputting the person’s birthday, Galloway says, because Myspace wasn’t validating users’ emails. After that, Myspace would just log you into the account and let you change the password and associated email.
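A minimal model of the recovery logic described above, next to a hardened version, as an added example that is not Myspace's code and not taken from Galloway's post. The account record, the `profile` lookup key, the function names and the 15-minute token lifetime are all assumptions made for illustration.

```python
import hashlib, secrets, time
from datetime import date

# Constructed account record; the "profile" lookup key is an assumption.
ACCOUNTS = {"tom": {"name": "Tom Example", "email": "tom@example.com",
                    "dob": date(1990, 1, 2)}}
PENDING = {}          # sha256(token) -> (profile, expiry timestamp)
TOKEN_TTL = 15 * 60   # seconds; assumed lifetime for a reset token

def recover_flawed(profile, name, email, dob):
    """Behaviour the article describes: name and email are collected but
    only the birthday is compared, and a match signs the caller in."""
    acct = ACCOUNTS.get(profile)
    if acct and acct["dob"] == dob:
        return {"session_for": profile}
    return None

def _same(a, b):
    # Case- and whitespace-insensitive comparison for name and email.
    return a.strip().casefold() == b.strip().casefold()

def recover_hardened(profile, name, email, dob, send_mail):
    """Compare every submitted field, never sign in from the form itself,
    and mail a single-use token to the address already on file."""
    acct = ACCOUNTS.get(profile)
    if (acct and _same(name, acct["name"]) and _same(email, acct["email"])
            and dob == acct["dob"]):
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        PENDING[digest] = (profile, time.time() + TOKEN_TTL)
        send_mail(acct["email"], token)   # stored address, not the submitted one
    # Same response on match and mismatch, so the form confirms nothing.
    return {"status": "If the details match, a reset link has been emailed."}

def redeem(token):
    """Return the profile a valid token belongs to and consume the token."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    profile, expiry = PENDING.pop(digest, (None, 0))
    return profile if profile and time.time() < expiry else None
```

Only the hash of the token is stored, so a leaked `PENDING` table cannot be replayed as reset links.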

But if you’re interested in testing the security flaw (or stealing someone’s account), hear this: As Galloway’s post was picked up by numerous news organisations, Myspace pulled the recovery page that Galloway cites in her post (myspace.com/account/recovery). We’re not sure when, exactly, Myspace made the change, but that URL now redirects to a “Log in” support page. The original form is still viewable via the Internet Archive’s Wayback Machine.

Another thing you should know about recovering old Myspace profiles is that there’s hardly any information left. When Myspace redesigned its site and rebranded as a music-focused social network, it changed everyone’s profiles to plain black and white, empty palettes.

The only things you might be able to recover are some old profile photos, videos and music playlists, but your coded wallpaper, glittery GIFs from Photobucket, and your Top 5 are all gone. Regardless, you should probably try to recover your own account before someone else does and steals the three remaining pre-teen-era public photos of you.

This is not the first time Myspace’s security has been compromised. Last year, about 360 million account passwords were leaked. LeakedSource reported that it was considered one of the biggest data breaches in history.

“It seems Myspace wants us all to take security into our own hands,” Galloway wrote on her blog. “If there is a possibility that you still have an account on Myspace, I recommend you delete your account immediately.”

We reached out to Myspace, but had not heard back at time of writing.

[Leigh-Anne Galloway via The Verge]

