Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Wednesday, August 23, 2017
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 47
Guests Online: 45
Members Online: 2

Registered Members: 101632
Newest Member: Kakonaldo
Latest Articles

Old MySpace Accounts An Easy Target For Hackers

Ten years ago, MySpace was one of the hottest sites on the Internet. In the U.S., MySpace was pulling in more than 72 million unique visitors every month. Facebook lagged way behind at just 23 million. Just four years later things had taken a dramatic turn. Facebook more than doubled, nearly reaching 160 million. MySpace traffic had dropped by nearly 50%.

Users had moved on to the next big thing and they left millions of MySpace accounts sitting idle as they spent more and more of their time on Facebook. Fast forward to this year, and all those idle MySpace accounts had become easy targets for hackers.

Leigh-Anne Galloway, the cyber resilience lead at Positive Technologies, noticed signs of trouble back in April. She spotted a serious shortcoming in the MySpace account recover tool.

Like many sites, MySpace provided a way to recover your account if you no longer used the email address you signed up with. Galloway discovered that MySpace was only asking for a few pieces of information that are not all that difficult to find: the username, real name, email address, and date of birth. According to Galloway the system also lacked sufficient brute forcing protections.

You may also remember a major security incident involving MySpace. In 2013, hackers gained access to full account information on around 360 million MySpace users. MySpace invalidated all the passwords, but the rest of that information -- which included usernames and email addresses -- has been floating around publicly ever since.

As Galloway notes, matching up a date of birth might be tricky, but it is certainly possible. With so much leaked, hacked, and overshared data floating around online, it is much easier than it should be.

The good news here is that MySpace has now enhanced [the recovery] process by adding an additional verification step to avoid improper access. A MySpace spokesperson added that the company take[s] data security very seriously and plan[s] to continue to refine and improve this process over time.

So what is the best way to keep an impersonator from trying to hijack your old MySpace account? If you no longer use it, delete it. Not just your MySpace account, either. If you have inactive accounts on other sites like it, delete them, too

Posted by rex_mundi
Source : Unknown
Wednesday 19 July 2017