Slashdot Mirror

← Back to Stories (view on slashdot.org)

It's Trivially Easy to Hack into Anybody's Myspace Account (vice.com)

Posted by msmash on from the security-woes dept.

If you are one of the almost half a billion people who at some point used to be on Myspace, the hottest social network of the early 2000s, you should know that almost anyone can hack into your account. From a report: Myspace offers a mechanism to recover an account for people who have lost access to their old associated email address. A security researcher has discovered that it's relatively easy to abuse this mechanism to hack into anyone's account. All a wannabe hacker needs is the target's full name, username, and date of birth. Security researcher Leigh-Anne Galloway disclosed the vulnerability on Monday. She says she informed Myspace about the vulnerability almost three months ago and the site hasn't acknowledged or fixed it.

38 of 68 comments (clear)

  1. MySpace? by Anonymous Coward · · Score: 5, Insightful

    That site still exists?

    1. Re:MySpace? by Anonymous Coward · · Score: 2, Funny

      <BLINK>That site still exists?</BLINK>

      FTFY.

    2. Re:MySpace? by puddingebola · · Score: 1

      First my CompuServe and Prodigy accounts, now this.

    3. Re:MySpace? by interkin3tic · · Score: 1

      No, which is why it's so easy to hack.

      I just hacked your myspace account and downloaded all the stuff you had on it.

      Now I just made 500 more myspace accounts than you had.

      Now I deleted them all.

      You can't stop me.

    4. Re:MySpace? by FilmedInNoir · · Score: 2

      I imagine no one responded because the one sysAdmin is now just a skeleton in a locked closet, hunched over a desk, killed when his CRT monitor blew up in his face.

      --
      Sig. Sig. Sputnik
    5. Re:MySpace? by DontBeAMoran · · Score: 1

      Now I deleted them all.

      You can't stop me.

      Oh, we won't.

      --
      #DeleteFacebook
    6. Re:MySpace? by Tablizer · · Score: 1

      Yes, MySpace probably put holes on purpose, hoping hackers will place new content on it.

      --
      Table-ized A.I.
  2. It's Trivially Easy to Hack into Anybody's Myspace by Anonymous Coward · · Score: 1

    .... and .....?

  3. Will anyone notice? by myth24601 · · Score: 1

    What happens if someone hacks an account from a long lost social media site? Will anyone notice?

    --
    No matter where you go, there you are.
  4. Finally ! by Anonymous Coward · · Score: 1, Funny

    Finally somebody will be using my MySpace account again.

  5. Next Breaking story! by 140Mandak262Jamuna · · Score: 3, Interesting

    The locomotives of Lake Chamberlain Logging and Paper Company, Maine have absolutely no security and they are sitting there in the jungle clearing for any one to come in ride away (after raising steam and laying the railroad)

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Next Breaking story! by 140Mandak262Jamuna · · Score: 1

      I just made up some name for the paper company. Looks the correct name is Great Northern Paper. Is it the Bounty competitor Northern?

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    2. Re:Next Breaking story! by interkin3tic · · Score: 1

      Except that's sad. I feel bad for those poor old trains. They never did anything to hurt anyone like blast a stupid midi file on someone's browser.

    3. Re: Next Breaking story! by KGIII · · Score: 1

      GNP is defunct. They have been since before I retired and moved here. They made newsprint, as I recall.

      --
      "So long and thanks for all the fish."
  6. Not a big problem by Hentes · · Score: 1

    This might sound bad at first, but the username, full name and date of birth of most Myspace users only appear in a place where nobody sees them: on their Myspace page.

  7. Re:It's Trivially Easy to Hack into Anybody's Mysp by JackieBrown · · Score: 2

    Yeah - I doubt they even have enough data on anyone to ask for more information than the above. Short of questions like "What where you doing on Jan 12 2002". Heck, even that they might not have.

    From my memory of every time I visited someone's myspace page back in the day, it was 1) wait for site to load 2) mute the 4-10 songs that the myspace user set to autoplayed 3) wait for whatever 3rd party skin the myspace user decided to use loaded 4) hit the force close button because my browser just locked up.

  8. Huh? Are they new? by Anonymous Coward · · Score: 3, Funny

    Convince me why this might be better than GeoCities.

    1. Re:Huh? Are they new? by s.petry · · Score: 1

      Searching Prodigy for your answer, hang on a while...

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  9. More users by dysmal · · Score: 1

    This is one way to get more users.

    In all seriousness, does anyone even remember which email address they used for their Myspace account?

    1. Re:More users by Tablizer · · Score: 2

      does anyone even remember which email address they used for their Myspace account?

      test@NewInternetThingy.com

      --
      Table-ized A.I.
  10. The same thing will happen with your Facebook page by cyn1c77 · · Score: 4, Insightful

    in 10 years. Keep that in mind as you post on it.

    What will Zuckerberg do with all that information when he is getting desperate?

  11. Shame by cloud.pt · · Score: 1

    I love the way that the ITsec industry is a shame-economy one. Improvement by mudding

  12. Arkeology by heson · · Score: 1

    This is good, the past is now preserved. Or is Myspace still used?

  13. Date of birth by PPH · · Score: 1

    You assume that I use my correct date of birth when signing up for accounts. In some cases, I don't even use my real name.

    --
    Have gnu, will travel.
  14. Re:Superchicken by Chris+Mattern · · Score: 1

    You knew the job was dangerous when you took it, Fred.

  15. Hey Beavis... by zifn4b · · Score: 2

    Beavis: Yea?
    Butthead: He used his real date of birth on his MySpace account
    Beavis: What a dumbass, heh heh.
    Butthead: Heh heh heh heh heh heh. What's MySpace?

    --
    We'll make great pets
  16. Re:It's Trivially Easy to Hack into Anybody's Mysp by interkin3tic · · Score: 1

    I'm sure I used my college e-mail address. The one they shut down and deleted immediately after graduation because it would save precious megabytes of storage space on their servers.

    It likely would be much easier to "hack" than try to go through recovering it the normal way.

  17. Biggest problem here might be for venues? by King_TJ · · Score: 1

    It's been forever since I looked at anything on MySpace... but as I recall? One of the last big pushes the site made to remain relevant was inviting entertainment-related businesses and individuals to use it as a one-stop place to find out schedules for stand-up comedy clubs, local musicians' tour dates and so forth.

    That, too, may be obsolete today ... but I wouldn't be surprised if a lot of smaller clubs still have a presence there that somebody makes a marginal effort to update, just because they never put in the time or effort to change?

    1. Re:Biggest problem here might be for venues? by theurge14 · · Score: 1

      Pretty sure that's all been moved to Facebook a while ago.

  18. Leigh-Anne Galloway, I have a memo for you! by adosch · · Score: 1

    Security researcher Leigh-Anne Galloway disclosed the vulnerability on Monday. She says she informed Myspace about the vulnerability almost three months ago and the site hasn't acknowledged or fixed it.

    Leigh-Anne, you dear, needed to be informed 3 months ago that... MySpace isn't a thing anymore. Let's face it: The MySpace Guy just isn't that interesting enough anymore to want to know or hack-to-know.

    All jokes aside, though, there is still a pretty legit attack vector; the internet is still filled with complacent users. Chances are the same email, name and birth date lives as a user on any of the new-kid social media blocks, too. That's the valuable diamond-in-the-rough part to take away.

  19. Groovy man by istartedi · · Score: 1

    Groovy, man. Where are my bell bottoms? Oh no...I left them hanging on the line for 40 years, and somebody stole them.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  20. Joke's on you! by gweihir · · Score: 1

    I do not have a MySpace account! Try to hack that....

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Joke's on you! by Anonymous Coward · · Score: 1

      I could fix that for you. -PCP

  21. Re:Whoa! by DontBeAMoran · · Score: 1

    It is in fact over 65535. - MCP

    --
    #DeleteFacebook
  22. And on that note.. It is also Trivially Easy by Arzaboa · · Score: 1

    It is also trivially easy to create a fake myspace account (or really any account) with someone else's credentials.

  23. Because... by Nexion · · Score: 1

    "...and the site hasn't acknowledged or fixed it."

    Nobody cares.

  24. Re:The same thing will happen with your Facebook p by thegarbz · · Score: 1

    What will Zuckerberg do with all that information when he is getting desperate?

    I'm trying to imagine what he would do that he's not already doing.

  25. Re:That's bad news by s.petry · · Score: 1

    That is 4 people if you count goatse you insensitive clod!

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.