This isn't great: Anyone could get into your Myspace with just your name and birthday

They didn't even need a password.

The last time you logged into your Myspace account was what, 10 years ago? Minimum?

Well fortunately Myspace had an incredibly easy way to regain access to your account. All you needed was your name and birthdate and boom, you were in and could reset your password to a less embarrassing alternative.

Unfortunately it turns out that's all anybody needed to access your old Myspace.

A cybersecurity researcher named Leigh-Anne Galloway brought this to the world's attention Monday. In a blog post, Galloway explained she was trying to gain access to an old Myspace account so she could delete it.

This was back in April. And at the time, she stumbled across this glaring security oversight.

When trying to recover her account, she had to fill out this form:

But after some poking around and testing, she discovered Myspace didn't do an email verification. Sure it's marked as a "required" field, but you could put in any nonsense email and the account recovery security wouldn't actually check if it matched.

So all you needed was the full name on the account, as well as the public username. And then a birthday, which isn't that hard to find if you really wanted to.

"It seems Myspace wants us all to take security into our own hands," Galloway wrote. "If there is a possibility that you still have account on Myspace, I recommend you delete your account immediately."

She told Myspace and heard nothing

Galloway said she sent Myspace an email detailing this vulnerability back in April when she found it. She got an automated response ... and then nothing else.

So after three months she decided to publicize the gaping security hole while it still existed.

Since Galloway's blog post went live, it's been picked up by WIRED, The Verge, Engadget and others. And Myspace has since made some changes.

For example, that account recovery option is disabled. I tried to access the URL, but it doesn't open anymore and redirects to a different page. Gizmodo noticed this too. You can still see it on the Wayback Machine though.

Myspace also responded, telling Engadget they "enhanced [their] process by adding an additional verification step to avoid improper access." Myspace also said they take data security "very seriously," and will make their process better over time.

Myspace's dubious security history

That might carry some more weight if they hadn't given a similar response in 2016, when they revealed user login data from accounts had been stolen in 2013. And not a few accounts – 360 million users' info was stolen.

Myspace, in acknowledging the breach, said it had "several dedicated teams working diligently" to make sure user data was safe, and said they'd be taking "additional security steps" in light of the report.

And then this happened so ¯\_(ツ)_/¯.

As Galloway noted, maybe a lot of people don't use Myspace anymore (though in 2015, the site said 50 million people a month logged in.)

"So why does this matter?" she continued. "Myspace is an example of the kind of sloppy security many sites suffer from, poor implementation of controls, lack of user input validation, and zero accountability. Whilst Myspace is no longer the number one social media site, they have a duty of care to users past and present."

She also walks through how to delete your Myspace account, FYI.

Next Up

Dean Evason

Wild fall flat against Predators, lose first game of season

The Wild couldn't stay out of the penalty box in a 5-2 loss.

Screen Shot 2021-10-24 at 10.11.36 AM

Search for Wisconsin woman whose vehicle was found near Hinckley

Ashley L. Miller, 33, was reported missing on Sep. 24 after her vehicle was found without her in it.

Dak Prescott

Report: Dak Prescott will be 'ready to go' for matchup with Vikings

The Dallas quarterback is expected to be available for next Sunday's showdown.

Eddie Rosario

Where Eddie Rosario's championship series heroics rank since 2000

The former Twin put together an all-timer to help the Braves reach the World Series.

plane, Piper PA-32

2 dead after plane crashes near residence in rural Wisconsin

The aircraft also struck the house during the crash.

Screen Shot 2021-10-23 at 9.38.43 PM

1 dead after van crashes and lands on Highway 100 in Brooklyn Center

Northbound Highway 100 was shut down following the crash Saturday night.

Jess Peterson

Woman killed in crash ID'd as 'bad ass biker chick' with 'giving spirit'

The 30-year-old died in a motorcycle crash on Oct. 19.

Karl-Anthony Towns

Timberwolves' defense fuels win over Pelicans

The Wolves' have bought in on the defensive end as part of a 2-0 start.

Minnesota Wild

Ryan Hartman's OT goal helps Wild stay undefeated

The Wild improved to 4-0 with a win over the Ducks.

Mar'Keise Irving / Gopher Football

Gophers pound Maryland to stay in Big Ten West race

Four different players scored a rushing touchdown in a 34-16 victory over Maryland.


How big a deal is this hack of Minnesota government and MSU Moorhead servers?

Email addresses, encrypted passwords, user IDS – what someone could do with the information.

Do you know when Uber is tracking your location?

We know apps collect data about us. But how much, and how is it being used?

Anyone can see your personal info on this website and it's creeping people out

Anyone can search your name to find your age, address, family members, etc.

Facebook Messenger just made stalking your friends easier

Let your friends stare at you walking around in real-time for an hour.

This WPA2 KRACK attack means your WiFi is not secure – even though everyone thought it was

This newly reported flaw affects basically everybody – so here's what you should do.

WikiLeaks leak claims CIA can get past phone encryption, hack into Smart TVs

This leak of more than 8,000 files has not been authenticated – though it appears legitimate.

New proposal: Internet companies should pay you if they use or sell your data

It's your data that's valuable – should you get compensated for it?