Account Recovery Flaw Leaves Myspace Data Open To Hackers

A security researcher has revealed that anyone’s old Myspace account can be easily accessed just by knowing a few basic pieces of personal information.

Myspace became one of the most popular social network sites following its creation in 2003, but was rapidly overtaken by Facebook and others.

At its peak it attracted around 75 million active users a month and these users have now been warned that their accounts are at risk of being hacked.

Open door

According to Leigh-Anne Galloway, a security researcher at Positive Technologies, the account recovery mechanism that Myspace provides for users who no longer have access to their old email addresses can be quite easily tricked into letting anyone in.

All hackers need to know is the target user’s full name, username and date of birth, information that is often freely available from other social networks.

Speaking to Motherboard, Galloway said: “Companies have a duty of care to users past and present. Myspace is an enormous graveyard of personal data. If you have an end of life application or website, you have to have a plan.”

She added that she was “horrified” at Myspace’s “complete lack of due diligence” when it comes to the privacy of their former users.

Motherboard confirmed Galloway’s claims, testing the flaw on two accounts and finding that it was able to “write new posts, read old messages, and basically do whatever the account owner could do”.

Speaking to Silicon, a spokeswoman said: “In response to some recent concerns raised regarding Myspace user account reactivation, we have enhanced our process by adding an additional verification step to avoid improper access. We take data security very seriously at Myspace. We plan to continue to refine and improve this process over time.”

The news comes after 360 million Myspace accounts were stolen and leaked online last year, many of which contained username and password information.

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
