FRINGE PICTURE SHARING WEBSITE Myspace is really, really easy to hack, and it's probably time you deleted your account.
Myspace, a social network that encouraged you to rank your friends, is largely redundant nowadays, but there are still millions of people with accounts set up on the website.
If you fancy a blast from the past and want to see what emo song you last set to autoplay on your profile, Myspace offers an account recovery mechanism for people who have lost access to their old associated email address.
However, security researcher Leigh-Anne Galloway has revealed that it's pretty easy to abuse this recovery tool, which she describes as "so flawed it deserves its own place in history", as it'll let hackers access any Myspace account as long as they have just three bits of information - the target's full name, username and date of birth.
"Myspace only validates name, username and date of birth. The full name and the username of the account holder can be found from a simple google. Username is located in the profile URL, and name is located on the profile page," Galloway said in a blog post.
"Date of birth is probably the hardest of all three to obtain, but not impossible."
Galloway says she informed Myspace about the vulnerability almost three months ago, but she hasn't received a response from the website, nor has the issue yet been fixed.
"So how seriously does Myspace take security? Not seriously at all. I sent an email to Myspace in April documenting this vulnerability and received nothing more than an automated response," Galloway said.
"This has lead me to disclose the vulnerability while it still exists. It seems Myspace wants us all to take security into our own hands. If there is a possibility that you still have an account on Myspace, I recommend you delete your account immediately."
Just last year, MySpace was the victim of a hack that saw the that has seen the release of 360 million presumably redundant account and password details.
Time Inc, which accidentally purchased MySpace back in February last year, attributed the attack to Russian hackers.
"We believe the data breach is attributed to Russian cyber hacker 'Peace.' This same individual is responsible for other recent criminal attacks such as those on LinkedIn and Tumblr, and has claimed on the paid hacker search engine LeakedSource that the data is from a past breach," said the firm. µ
The week in Google in brief
Sega hedgehogging its bets
And not a purple duck in sight