If you’re one of those people who still uses Myspace, you might want to consider deleting your account or, at the very least, double-checking that your account is still secure. Security researcher Leigh-Anne Galloway discovered a flaw within the site that makes it alarmingly easy for just about anybody — who knows when you were born — to gain access to your account.
Galloway explained the flaw, which she says she’s been privately trying to get Myspace to fix for months, on her blog. She points to the site’s account-recovery page, where users who have lost access to their accounts, most likely due to a forgotten password, can get back in using personal information. To regain access, users need an email, username, birthday, and the full name of the account holder. Several of those pieces of information are publicly visible on Myspace, Galloway notes, and the site doesn’t actually check to see if the email address is right. Which means, if somebody knows your birth date, they can probably get into your Myspace account. And even if somebody didn’t know it, there’s this great thing called Google that would probably make it pretty easy to figure out. (The Verge tested this with a dummy account and was able to successfully manipulate the flaw.)
“Perhaps this situation is not surprising as most of us no longer use Myspace,” Galloway writes. “Whilst Myspace is no longer the number one social media site, they have a duty of care to users past and present.” Time to make sure nobody has gained access to your long-forgotten account and messed up your top eight.