Until recently, a hacker could have gotten into your old Myspace account with just three easy-to-find things about you
Caroline Cakebread / Business Insider
It turns out, there was - until very recently - an easy way to hack into Myspace accounts. All you needed was an account holder's name, user name, and date of birth.
British cybersecurity blogger Leigh-Anne Galloway published a post on Monday about the security flaw. Her post was picked up by the Verge, among other outlets.
Galloway discovered the Myspace vulnerability in April while trying to regain access to her account so she could delete it. The site directed her to an account recovery page. In order to reset her password and allow her to regain control of her account, the page only asked that she provide her full name, user name, email address associated with the account and birth date.
As Galloway noted, most of that information is either public or fairly easy to find for most people, meaning that if hackers wanted to, they could fairly easily take control of any MySpace account. Galloway was concerned enough about the flaw that she notified Myspace soon after she discovered it. She said she never got a response other than an automated email telling her MySpace had gotten the message and would get back to her.
Galloway later discovered the situation was even worse than she thought. Although the recovery page indicated certain fields were required to reset an account, the page also tells visitors to just "try and fill out as many of the fields as you can." After testing it a bit, she discovered she was able to reset her password and gain access to her account without a valid email address
Interestingly, after Galloway published her post on Monday and it was picked up by various news outlets, the recovery page she used disappeared. The site now redirects visitors to a page prompting them to enter an email address to get instructions on how to reset their password.
It's unclear whether any Myspace accounts were compromised due to the vulnerability. Business Insider reached out to Myspace for comment and has not yet received a response.
This isn't the first or even the most serious security issue Myspace has faced. In 2016, a hacker stole and then tried to sell 360 million user email addresses and passwords.
Although it's largely an after-thought in the social networking world these days, Myspace still gets 50 million visits every month according to the Verge. In 2016 media giant Time purchased the social networking company for an undisclosed sum. Then Chairman and CEO of Time, Joe Ripp called the purchase "game changing."
Viant, a digital advertising platform, is the parent company of Myspace, and Time was likely looking to get in on Viant's user data for ad targeting purposes.
- Tesla tells some laid-off employees their separation agreements are canceled and new ones are on the way
- Taylor Swift's 'The Tortured Poets Department' is the messiest, horniest, and funniest album she's ever made
- One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
- UP board exam results announced, CM Adityanath congratulates successful candidates
- RCB player Dinesh Karthik declares that he is 100 per cent ready to play T20I World Cup
- 9 Foods that can help you add more protein to your diet
- The Future of Gaming Technology
- Stock markets stage strong rebound after 4 days of slump; Sensex rallies 599 pts