Old MySpace Accounts An Easy Target For Hackers
Users had moved on to the next big thing and they left millions of MySpace accounts sitting idle as they spent more and more of their time on Facebook. Fast forward to this year, and all those idle MySpace accounts had become easy targets for hackers.
Leigh-Anne Galloway, the cyber resilience lead at Positive Technologies, noticed signs of trouble back in April. She spotted a serious shortcoming in the MySpace account recovery tool.
Like many sites, MySpace provided a way to recover your account if you no longer used the email address you signed up with. Galloway discovered that MySpace was only asking for a few pieces of information that are not all that difficult to find: the username, real name, email address, and date of birth. According to Galloway, the system also lacked sufficient brute-force protections.
You may also remember a major security incident involving MySpace. In 2013, hackers gained access to full account information on around 360 million MySpace users. MySpace invalidated all the passwords, but the rest of that information -- which included usernames and email addresses -- has been floating around publicly ever since.
As Galloway notes, matching up a date of birth might be tricky, but it is certainly possible. With so much leaked, hacked, and overshared data floating around online, it is much easier than it should be.
The good news here is that MySpace has now "enhanced [the recovery] process by adding an additional verification step to avoid improper access." A MySpace spokesperson added that the company "take[s] data security very seriously and plan[s] to continue to refine and improve this process over time."
So what is the best way to keep an impersonator from trying to hijack your old MySpace account? If you no longer use it, delete it. Not just your MySpace account, either. If you have inactive accounts on other sites like it, delete them, too.