Myspace lets you hijack any account just by knowing the person’s birthday


If you haven’t deleted your decade-plus old Myspace account yet, now may be the time to do it. As it turns out, it’s embarrassingly easy for someone to break into and steal any account on the site.

Security researcher Leigh-Anne Galloway posted details of the flaw on her blog this morning after months of trying to get Myspace to fix it — and hearing nothing back from the company.

The flaw comes from Myspace’s account recovery page, which is meant to let people regain access to an account they’ve lost the password to. The page asks for the account holder’s name, username, original email address, and birthday. But it turns out, you really only need to know someone’s birthday in order to gain access to their account.

“I recommend you delete…

Continue reading…

…read more

Source:: The Verge – All Posts

Leave a Reply

Your email address will not be published. Required fields are marked *