Until recently, if you still had a Myspace account, your account has been at risk due to a flaw in Myspace’s account recovery system. According to The Verge, security expert Leigh-Anne Galloway discovered a flaw regarding the antiquated account recovery process associated with Myspace accounts. According to Galloway, stealing someone’s account was much easier than it should have been. Usually, when recovering an account, the website asks for the user’s email address, username, account holder’s name and birthday, but due to the flaw, the account could actually be recovered and accessed just with the knowledge of the user’s birthday.
After Galloway made this claim, The Verge independently tested her method and confirmed that her claims were actually true. Once the account is accessed through the user’s birthday, a potential hacker could have changed the account’s password, therefore, locking the legitimate user out of their own account. After this confirmation, Galloway told The Verge that she had told Myspace about this security issue back in April but heard nothing back. Lastly, The Verge was later able to confirm, at around 3:30 PM ET on July 17th, that Myspace seemed to have removed the account recovery page in question, which, in turn, removed access to the security flaw.
Due to the fact that Myspace is certainly not the most popular social network at this point, unfettered access to users’ accounts could have caused a level of social and personal damage. Contrary to what most believe, Myspace still racks up tens of millions of individual users a month and was purchased by Time Inc. in 2016. While Time is definitely not going to revive the long out of style Myspace, Time definitely gained a large amount of user information that the social network aggregated throughout its lifespan.
In short, while this does not seem to have affected very many users, social network users should learn a lesson from this security flaw. It is usually a good idea to occasionally log-in to social network accounts in order to determine whether your account has been compromised through flaws such as the one previously mentioned.