Slashdot Mirror
It's Trivially Easy to Hack into Anybody's Myspace Account (vice.com)
If you are one of the almost half a billion people who at some point used to be on Myspace, the hottest social network of the early 2000s, you should know that almost anyone can hack into your account. From a report: Myspace offers a mechanism to recover an account for people who have lost access to their old associated email address. A security researcher has discovered that it's relatively easy to abuse this mechanism to hack into anyone's account. All a wannabe hacker needs is the target's full name, username, and date of birth. Security researcher Leigh-Anne Galloway disclosed the vulnerability on Monday. She says she informed Myspace about the vulnerability almost three months ago and the site hasn't acknowledged or fixed it.
That site still exists?
.... and .....?
What happens if someone hacks an account from a long lost social media site? Will anyone notice?
No matter where you go, there you are.
For all 3 people who still use myspace
Who still uses Myspace? Clearly, the world has moved on to LiveJournal. -PCP
"Pok pok pok, P'kok!"
Just let me load up my 56K modem and I'll make a note to hack some profiles after I've finished hacking the Gibson.
Finally somebody will be using my MySpace account again.
The locomotives of Lake Chamberlain Logging and Paper Company, Maine have absolutely no security and they are sitting there in the jungle clearing for any one to come in ride away (after raising steam and laying the railroad)
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I hacked msmash's account and posted this article.
I also hacked Anonymous Cowards account and posted this post.
It was trivially easy to do so!
This might sound bad at first, but the username, full name and date of birth of most Myspace users only appear in a place where nobody sees them: on their Myspace page.
Yeah - I doubt they even have enough data on anyone to ask for more information than the above. Short of questions like "What where you doing on Jan 12 2002". Heck, even that they might not have.
From my memory of every time I visited someone's myspace page back in the day, it was 1) wait for site to load 2) mute the 4-10 songs that the myspace user set to autoplayed 3) wait for whatever 3rd party skin the myspace user decided to use loaded 4) hit the force close button because my browser just locked up.
Convince me why this might be better than GeoCities.
This is one way to get more users.
In all seriousness, does anyone even remember which email address they used for their Myspace account?
in 10 years. Keep that in mind as you post on it.
What will Zuckerberg do with all that information when he is getting desperate?
Just a recap for context.
The Vanderhooks, who own SpecificMedia (bankrupted and renamed to Viant), bought MySpace to mine for contextual/behavioral advertising data. You can imagine migrating active user data from MySpace cookies into the sm cookie equivalent at login and a different set of inactive user data from one DB to another. Investment for the purchase came from various suckers, including Justin Timberlake. Timberlake had an unvisited office on the Viant uppermost floor. I am not aware of any current working relationship.
After a short time, most of the technical staff was let go. The site was put in keep-the-lights-on mode and will never have such a change implemented by the limited staff and budget allocated to it's current maintenance state.
I love the way that the ITsec industry is a shame-economy one. Improvement by mudding
This is good, the past is now preserved. Or is Myspace still used?
You assume that I use my correct date of birth when signing up for accounts. In some cases, I don't even use my real name.
Have gnu, will travel.
This kind of stupidity is exactly why I don't give out any truthful information on any site. I make up fake birthday's and random answers to "security" questions.
Fuck these idiot sites. My password is different for every single place, ever, and it's long and complicated. I don't need layers of bullshit on top of it.
Well as usual when I sign up to stuff I always use a false name, false DOB use a unique email address and I never, ever, give out my phone number.
So anyone trying to hack my MySpace account will not get far. Then again even if they do hack it they won't get much either. A few music files at the most.
Beavis: Yea?
Butthead: He used his real date of birth on his MySpace account
Beavis: What a dumbass, heh heh.
Butthead: Heh heh heh heh heh heh. What's MySpace?
We'll make great pets
I'm sure I used my college e-mail address. The one they shut down and deleted immediately after graduation because it would save precious megabytes of storage space on their servers.
It likely would be much easier to "hack" than try to go through recovering it the normal way.
Why, Sell it of course! Doesn't anybody READ the EULA these days?
It's been forever since I looked at anything on MySpace... but as I recall? One of the last big pushes the site made to remain relevant was inviting entertainment-related businesses and individuals to use it as a one-stop place to find out schedules for stand-up comedy clubs, local musicians' tour dates and so forth.
That, too, may be obsolete today ... but I wouldn't be surprised if a lot of smaller clubs still have a presence there that somebody makes a marginal effort to update, just because they never put in the time or effort to change?
Security researcher Leigh-Anne Galloway disclosed the vulnerability on Monday. She says she informed Myspace about the vulnerability almost three months ago and the site hasn't acknowledged or fixed it.
Leigh-Anne, you dear, needed to be informed 3 months ago that... MySpace isn't a thing anymore. Let's face it: The MySpace Guy just isn't that interesting enough anymore to want to know or hack-to-know.
All jokes aside, though, there is still a pretty legit attack vector; the internet is still filled with complacent users. Chances are the same email, name and birth date lives as a user on any of the new-kid social media blocks, too. That's the valuable diamond-in-the-rough part to take away.
Groovy, man. Where are my bell bottoms? Oh no...I left them hanging on the line for 40 years, and somebody stole them.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
I do not have a MySpace account! Try to hack that....
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Both remaining MySpace users (and Tom) are aghast...
It is also trivially easy to create a fake myspace account (or really any account) with someone else's credentials.
"...and the site hasn't acknowledged or fixed it."
Nobody cares.
Now with 40 hours free per month!
I would miss Prodigy if i didn't remember how much it sucked. Nostalgia is deceptive.
the hottest social network of the early 2000s
Myspace was founded in August 2003, so it didn't exist in the "early 2000s".
finding somebody with a Myspace account
What will Zuckerberg do with all that information when he is getting desperate?
I'm trying to imagine what he would do that he's not already doing.