Myspace: Users urged to delete old accounts so strangers don’t resurrect them
The account recovery process has been branded 'so flawed it deserves its own place in history'
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.People who still have Myspace accounts are being urged to delete them as soon as they can.
A cyber security expert has discovered serious issues with a tool the site offers to people who want to regain access to their old accounts.
The process has been branded “so flawed it deserves its own place in history”, and could allow anyone to resurrect your account and steal your private information.
Myspace had its heyday around 10 years ago, with the launch of newer social media sites like Facebook and Twitter causing the site to fade out of relevance.
However, though most people no longer use Myspace, you might not have actually deleted your account yet.
Chances are, you forgot about it, set it up so long ago that you no longer remember your login details, or no longer use the email address you set it up with.
Myspace has considered these factors, and lets you easily recover your account without forcing you remember these long-forgotten details.
Unfortunately, the process is frighteningly easy.
Security researcher Leigh-Anne Galloway has found that you can restore any account with just three pieces of information.
“Myspace only validates name, username and date of birth,” she says. “The full name and the username of the account holder can be found from a simple google. Username is located in the profile url, and name is located on the profile page. Date of birth is probably the hardest of all three to obtain, but not impossible.”
Lots of people list their date of birth on their Facebook profile, and some even list it on Twitter.
As Ms Galloway explains, “This vulnerability allows anyone access to any Myspace account, with only three pieces of information.”
She added: “If there is a possibility that you still have account on Myspace, I recommend you delete your account immediately.”
She alerted Myspace to the problem in April, and only received an automated response from the company, which last year revealed that 360 million accounts were compromised as part of a massive hack dating back to 2013.
“In response to some recent concerns raised regarding Myspace user account reactivation, we have enhanced our process by adding an additional verification step to avoid improper access,” Myspace told the Next Web.
“We take data security very seriously at Myspace. We plan to continue to refine and improve this process over time.”
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments