1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Myspace account recovery flaw makes it incredibly easy to hijack accounts

By Shawn Knight ยท 4 replies
Jul 17, 2017
Post New Reply
  1. Social networking pioneer Myspace is in the news today following the discovery of an embarrassing security vulnerability that makes it incredibly easy to take control of someone’s account.

    Security researcher Leigh-Anne Galloway stumbled across her old Myspace account back in April. While attempting to log in to delete the account, she realized that it was possible for anyone to gain access to any Myspace account using the site’s flawed account recovery process.

    According to Galloway, all one needs to know to gain access to an account is the target user’s name, username and date of birth – most all of which can be found with relative ease online (users' names and usernames are displayed on their Myspace profiles, for example).

    I tried recreating the vulnerability using a dummy account but it appears as though Myspace may have just modified their recovery process. The “Do Not Have Access To Old Email Address” page I accessed looked different than the one shown on Galloway’s blog and I was not granted immediate access to the test account. Other sites tested the flaw and were able to confirm Galloway’s claims although that was earlier in the day. As such, your results may vary.

    Galloway reached out to Myspace with information regarding the vulnerability in April but received nothing more than an automated response, hence the public disclosure.

    In the event that you once had an account, it’d probably be wise to go back and delete it (assuming of course that you can remember the details to get back in). Very few people use the site these days but still, there’s no reason why it should be this easy to hijack an account.

    Permalink to story.

  2. merikafyeah

    merikafyeah TS Addict Posts: 164   +116

    At this point people still using Myspace may even be glad their accounts were hacked. Can get a good chuckle out of that.
    JaredTheDragon likes this.
  3. Danny101

    Danny101 TS Guru Posts: 705   +262

    Myspace still around? I did like the soundtrack option.
  4. JaredTheDragon

    JaredTheDragon TS Guru Posts: 549   +370

    The only reason MySpace lost users was Langley's relentless promotion of their underpowered, featureless, and terrible alternative. They JUST got .gifs. Just now. Fifteen years later. That's how omnipotent the suits are when it comes to tech.
  5. Panda218

    Panda218 TS Evangelist Posts: 587   +301

    I really liked that you were able to edit your page with HTML. Many fun pranks were pulled on people who left their profiles open on their PCs.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...