Dating myspace comments
I wrote to Myspace describing my findings and the impact.After almost three months I received almost no response from Myspace, except an automated one.Username is located in the profile url, and name is located on the profile page: Date of birth is probably the hardest of all three to obtain, but not impossible.The good news is that you can remove your account completely.If there is a possibility that you still have account on Myspace, I recommend you delete your account immediately.Perhaps this situation is not surprising as most of us no longer use Myspace. Myspace is an example of the kind of sloppy security many sites suffer from, poor implementation of controls, lack of user input validation, and zero accountability.In April this year whilst roaming the plains of the wild world web, I stumbled across an old Myspace account of mine.
Myspace were kind enough to implement an account recovery feature, which looks like this: I completed the account recovery form assuming that the request would be forwarded to a human who would verify my identity before assisting me in recovering my account.Myspace may no longer be relevant as a social media site, but its treatment of security is as relevant as ever. Try to imagine a time when Facebook and Twitter weren’t the top social media websites in use.To understand how Myspace got to this state, let’s start at the beginning. Go back a bit further, way back and you’ll arrive in a year called 2006. The world had begun to move on, everyone was emigrating to the new platform called Facebook. It emerged that Myspace had (historically none the less) suffered one of the largest breaches in history.Here’s the current email address “[email protected]”. Let’s go back to the account recovery form and fill in a fake email address “[email protected]”. it turns out some of those fields aren’t required at all. Myspace only validates name, username and date of birth.The full name and the username of the account holder can be found from a simple google.