Application security

MySpace patches flaw allowing easy account hijacking


MySpace has reportedly patched a flaw that would allow a hacker to hijack an account using only a person's name, username and birth date.

The vulnerability was discovered by researcher Leigh-Anne Galloway and reported on by Graham Cluley. Galloway blogged that she discovered the issue in April when she attempted to delete her old MySpace account, informed the former social media giant of the problem, but only received in return an automated message from the company.

After waiting three months for an additional reply from MySpace Galloway went public writing a lengthy blog on exactly how simple it was to grab any MySpace member's account.

“I sent an email to Myspace in April documenting this vulnerability and received nothing more than an automated response. This has lead me to disclose the vulnerability while it still exists. It seems Myspace wants us all to take security into our own hands. If there is a possibility that you still have account on Myspace, I recommend you delete your account immediately,” Galloway wrote.

This public disclosure prompted MySpace to take action, and Cluley reported that the company immediately fixed the problem.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.