Account Recovery Flaw Leaves Myspace Data Open To Hackers

Claudine Rigal
July 18, 2017

Galloway says she informed Myspace about the vulnerability nearly three months ago, but she hasn't received a response from the website, nor has the issue yet been fixed.

On the recovery page of the social network, which is designed to help users regain access to their account if they have lost or forgotten their password, there are just four pieces of information linked to an account: the account holder's name, username, email address and birthday.

FRINGE PICTURE SHARING WEBSITE Myspace is really, really easy to hack, and it's probably time you deleted your account.

According to security researcher Leigh-Anne Galloway, the MySpace account recovery page included an apparent flaw that would allow any person to gain access to an account if they knew the account holder's birthday. The social network, which has dropped to about 50 million monthly active users, a fraction of Facebook's two billion users per day, ignored the warning from the security researcher. When a user tried to recover their account, they were asked to enter their full name, email, and date of birth.

The account holder's name and username are both publicly listed on their profile page.

Users who would rather not risk the possibility of this or a similar vulnerability leading to their account being compromised can delete their account by logging into their MySpace account, going to "My Stuff", then "Account Settings". It seems Myspace wants us all to take security into our own hands. A version of the account recovery page is still viewable via an archived page. The "Do Not Have Access To Old Email Address" page I accessed looked different than the one shown on Galloway's blog and I was not granted immediate access to the test account. Last year, about 360 million account passwords were leaked.

Business Insider reached out to Myspace for comment and has not yet received a response.

As Galloway noted, most of that information is either public or fairly easy to find for most people, meaning that if hackers wanted to, they could fairly easily take control of any MySpace account.
