Hackers can hijack accounts in a matter of seconds

Jul 18, 2017 09:08 GMT

Gone are the days when Myspace was a successful service, but the millions of accounts that are still active on the site are exposed to hackers due to a bug that the parent company was super-slow to fix.

Security researcher Leigh-Anne Galloway has discovered a vulnerability in Myspace that allows anyone to hijack an account without actually knowing the password. The only details the service required were the account holder’s name, username, original email address, and birthday.

All this information can be easily found online: the name and the username are even displayed on the Myspace page of each account, while the birthday and the email address could be found with a little research.

Myspace ignored the bug report

The worst thing is that the researcher actually alerted Myspace to the vulnerability in April this year, but the service ignored the report, leaving the bug unpatched and accounts exposed to hackers.

Earlier this week, however, after Galloway decided to publish the findings on her blog, Myspace finally decided to address the vulnerability, but instead of rolling out a patch, it pulled the account recovery page completely.

“So how seriously does Myspace take security? Not seriously at all. I sent an email to Myspace in April documenting this vulnerability and received nothing more than an automated response. This has led me to disclose the vulnerability while it still exists. It seems Myspace wants us all to take security into our own hands. If there is a possibility that you still have an account on Myspace, I recommend you delete your account immediately,” she posted.

Given that not a lot of people are still using Myspace these days, the security vulnerability might not seem too significant at first, though the risks of getting hacked are substantially higher if the same credentials are also used elsewhere and personal information is involved.

At the same time, there still are active users who stick with the service for some reason or another, so at least for them, Myspace should care a little bit more about security.