You may not have thought much about your Myspace page in a long time, but you might want to give it some thought now.
It turns out, there was — until very recently — an easy way to hack into Myspace accounts. All you needed was an account holder’s name, user name, and date of birth.
Galloway discovered the Myspace vulnerability in April while trying to regain access to her account so she could delete it. The site directed her to an account recovery page. In order to reset her password and allow her to regain control of her account, the page only asked that she provide her full name, user name, email address associated with the account and birth date.
As Galloway noted, most of that information is either public or fairly easy to find for most people, meaning that if hackers wanted to, they could fairly easily take control of any Myspace account. Galloway was concerned enough about the flaw that she notified Myspace soon after she discovered it. She said she never got a response other than an automated email telling her Myspace had gotten the message and would get back to her.
Galloway later discovered the situation was even worse than she thought. Although the recovery page indicated certain fields were required to reset an account, the page also told visitors to just “try and fill out as many of the fields as you can.” After testing it a bit, she discovered she was able to reset her password and gain access to her account without a valid email address.
Interestingly, after Galloway published her post on Monday and it was picked up by various news outlets, the recovery page she used disappeared. The site now redirects visitors to a page prompting them to enter an email address to get instructions on how to reset their password.
It’s unclear whether any Myspace accounts were compromised due to the vulnerability. Business Insider reached out to Myspace for comment and has not yet received a response.
This isn’t the first or even the most serious security issue Myspace has faced. In 2016, a hacker stole and then tried to sell 360 million user email addresses and passwords.
Although it’s largely an afterthought in the social networking world these days, Myspace still gets 50 million visits every month, according to The Verge. In 2016, media giant Time purchased the social networking company for an undisclosed sum. Joe Ripp, then chairman and CEO of Time, called the purchase “game changing.”
Viant, a digital advertising platform, is the parent company of Myspace, and Time was likely looking to get in on Viant’s user data for ad targeting purposes.