Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Old MySpace Accounts An Easy Target For Hackers


Old MySpace Accounts An Easy Target For Hackers

Ten years ago, MySpace was one of the hottest sites on the Internet. In the U.S., MySpace was pulling in more than 72 million unique visitors every month. Facebook lagged way behind at just 23 million. Just four years later things had taken a dramatic turn. Facebook more than doubled, nearly reaching 160 million. MySpace traffic had dropped by nearly 50%.

Users had moved on to the next big thing and they left millions of MySpace accounts sitting idle as they spent more and more of their time on Facebook. Fast forward to this year, and all those idle MySpace accounts had become easy targets for hackers.


Leigh-Anne Galloway, the cyber resilience lead at Positive Technologies, noticed signs of trouble back in April. She spotted a serious shortcoming in the MySpace account recover tool.

Like many sites, MySpace provided a way to recover your account if you no longer used the email address you signed up with. Galloway discovered that MySpace was only asking for a few pieces of information that are not all that difficult to find: the username, real name, email address, and date of birth. According to Galloway the system also lacked sufficient brute forcing protections.

You may also remember a major security incident involving MySpace. In 2013, hackers gained access to full account information on around 360 million MySpace users. MySpace invalidated all the passwords, but the rest of that information – which included usernames and email addresses – has been floating around publicly ever since.

As Galloway notes, matching up a date of birth might be tricky, but it is certainly possible. With so much leaked, hacked, and overshared data floating around online, it is much easier than it should be.

The good news here is that MySpace has now enhanced [the recovery] process by adding an additional verification step to avoid improper access. A MySpace spokesperson added that the company take[s] data security very seriously and plan[s] to continue to refine and improve this process over time.

So what is the best way to keep an impersonator from trying to hijack your old MySpace account? If you no longer use it, delete it. Not just your MySpace account, either. If you have inactive accounts on other sites like it, delete them, too

Comments
Sorry but there are no comments to display