Tom, u up? Myspace — you know, that game-changing social media platform that you created and sold — appears to have some serious security issues, dude.
Security researcher Leigh-Anne Galloway shared a blog post on Monday detailing a huge security flaw she spotted on Myspace’s account recovery page back in April.
“In April this year whilst roaming the plains of the wild world web, I stumbled across an old Myspace account of mine,” Galloway explains in the post. “Attempting to gain access and delete the account I discovered a business process so flawed it deserves its own place in history.”
Essentially, Galloway discovered that an attacker could use public information — info as basic as name, email address, username, and date of birth — to gain access to any Myspace account by simply using the “Do Not Have Access To Old Email Address Form.”
Galloway shared the issue with the company … and, according to Galloway, she “received almost no response from Myspace, except an automated one.”
Why is this so troubling?
In 2016 you may recall that Myspace suffered a massive security breach involving 427 million passwords belonging to approximately 360 million users who created accounts before 2013. The database of passwords was then put online for all to see.
This is a bigger deal than it seems. In addition to the breach allowing hackers to access a trove of personal user information and direct messages from Myspace, basically everyone reuses their passwords (which for the record, is not something you should do). So the 2016 Myspace breach may have put a lot more people and accounts at risk than expected.
This, coupled with the fact that it’s been about three months since Galloway reported the most recent security flaw and she’s only received an automated response, begs one very serious question: What are you doing, Myspace?
In response to a request for comment, a Myspace spokesperson told Mashable, “In response to some recent concerns raised regarding Myspace user account reactivation, we have enhanced our process by adding an additional verification step to avoid improper access.”
“We take data security very seriously at Myspace,” the spokesperson went on. “We will continue to monitor the security of these accounts and make appropriate modifications.”
Okay, Myspace. But why did it take so long to even address the issue?
What even is Myspace nowadays?
The Myspace that today’s users know is far from the Myspace you left behind to join Facebook back in the day, and maybe that’s part of the problem.
After co-founder Tom Anderson sold the social media platform to NewsCorp in 2005, it was acquired in 2011 by Tim and Chris Vanderhook and Justin Timberlake. A year later, Timberlake attempted to bring sexy back to the site with a swanky new redesign and then the world basically never heard another peep about Myspace ever again.
Cut to today where the site appears to be a somewhat confusing, music-centered hub where people can stay informed on the music world but also chat with one another and maintain a personal profile.
The website’s stats page proudly displays the number of songs on the site, and a search bar at the bottom of the homepage gives you access to articles, songs, videos, and artists on what vaguely resembles iTunes.
According to the site, Myspace is currently comprised of 150 engineers, designers, writers, and strategists. For comparison, as of March 31, 2017, Facebook reported a whopping 18,770 employees. And back in 2016 Myspace received a reported 15 million monthly unique global visitors, whereas Facebook currently has around 2 billion monthly active users.
In other words: Myspace is not top dog. But you still have to care.
Do I really have to?
You may not use Myspace anymore but if you have an old dormant account, you either have to keep tabs on it or delete it completely. Breaches have happened before and they can happen again. That said, there’s no denying that the months-long delay in Myspace addressing the issue is concerning.
Myspace may be struggling to stay relevant in the modern era of social media, but there is one easy way to get people to take your site seriously: address your security flaws.