Security Social Media

Your Forgotten MySpace Account Is Leaking All Your Secrets

Philip Bates 21-07-2017

Lurking in the annuls of internet history, MySpace was arguably the first big social networking site. It boasted millions of active users and made a significant cultural impact. While some used it as a way of finding a following and a career (including Lily Allen, Calvin Harris, and Adele), most were content with choosing a fun background wallpaper and making an interesting bio.


MySpace has largely been forgotten — that is, it’s not front and center in the public consciousness. It’s been superseded by Facebook Social Media: Did It Really Start With Facebook? [Geek History Lesson] Today, Facebook dominates social media. It's easy to forget that social media was once considered an open field, ready for any to stake their claim. What were those early social networks? What killed them? Read More and Twitter. And yes, it’s still running.

Worse, MySpace hasn’t forgotten you. And it might be leaking all your private information.

What’s Coming Back to Haunt You?

Security checks on major sites nowadays are generally pretty tight. You can rely on them to have proper precautions to keep your password secure Every Secure Website Does This With Your Password Have you ever wondered how websites keep your password safe from data breaches? Read More and all your personal data private. That’s how it should be.

To gain access to your old MySpace and take control, all a hacker has needed since the site’s heyday is your name, username, and date of birth. They don’t need any sort of password or even validation via an email address.

This security flaw came via its “Account Recovery” page. A lot more thought should be put into it: the company’s gone through a rebrand that it hopes will draw old users back, so recovering an account is essential.


myspace account recovery

You’d think once a request is made, it would at least email some sort of verification to the associated address before allowing access. Instead, all it needs is readily-available information.

A name is so simple to find out, as is your username — actually in the profile URL, although you’ve probably forgotten it by now yourself! Meanwhile your date of birth might be available through various leaks (which we’ll come back to) or Facebook. The latter mostly depends on what details you’ve surrendered to the social network, and your privacy settings 4 Vital Facebook Privacy Settings You Should Check Right Now Facebook's been changing privacy options again. As usual, the default option is for you to be oversharing your details, so here's what you need to know to set things right. Read More .

What’s the Harm?

What’s worse, MySpace has known about this for a few months, and has done nothing about it. Until it got some bad press from major media outlets. Now, the URL redirects to a login page. It’s in no way ideal.


And that in itself is noteworthy.

We’ve got Leigh-Anne Galloway from Positive Technologies to thank for exposing this vulnerability. She first found the issue in April, and accordingly alerted MySpace. She received an automated email in response… and that’s it. Three months on, she decided the world should know, and MySpace was forced to actually do something.

You might wonder what the fuss is all about. Surely there’s nothing of interest still on there?


Essentially, a cybercriminal could take complete control of your profile by changing the email address and password MySpace uses. This is identity theft 10 Pieces of Information That Are Used to Steal Your Identity Identity theft can be costly. Here are the 10 pieces of information you need to protect so your identity isn't stolen. Read More .

And while there’s not vast amounts of information still on there, it’s not to be sniffed at.

How do you feel about a complete stranger having access to photos of you when you were younger? Most likely, when you were a teenager? Creepy, isn’t it? If there’s anything embarrassing on there, how would you feel if it were used against you? Nowadays, celebrities have their old social media accounts scoured by various industries Why These 7 Industries Are Spying on Your Social Media Posts Most of your life is probably available on your social media accounts. But do you know who's watching them? These seven industries are keeping a close eye on your posts. Read More , including the media, so a precedence has been set for using MySpace against people.

Indeed, the site still gets particularly good stats on a Thursday, when old digital photos are resurrected for regurgitation as part of “Throwback Thursdays.” How to Find the Best Instagram Hashtags for More Likes & Followers Hashtags are an essential part of Instagram. If you need help getting started, here's how to find the best Instagram hashtags. Read More


That’s without mentioning that even your Personally Identifiable Information (PII) — like birthday, email address, and phone numbers — is worth money to scammers Here's How Much Your Identity Could Be Worth on the Dark Web It's uncomfortable to think of yourself as a commodity, but all of your personal details, from name and address to bank account details, are worth something to online criminals. How much are you worth? Read More .

What’s the Good News?

Yes, there is good news, but even that has a coda to it.

Your MySpace will be virtually unrecognizable to you.

myspace homepage

This is due to a rebrand. MySpace reinvented itself into a social site that focuses on music. All profiles lost their personalization, so if you ever wished to remember which embarrassing wallpaper you’d set, you’re out of luck. Various details have vanished, including some of those “Top X” lists of favorite books, TV, films, and songs.

The problem remains, your profile isn’t a clean sheet. Not all personal information has disappeared. Again, we shouldn’t underestimate the worth of personally identifiable information.

Furthermore, a lot of data can be inferred from basic information. Take Facebook as an example What Does Facebook Know About You? Why You Should Delete Facebook What does Facebook really know about you? One thing's for sure: if you want online privacy, Facebook is best avoided. Read More : the service knows a lot about you (whether you’re an active member or not It Doesn't Matter If You're Not On Facebook: They're Still Tracking You A new report claims the Facebook is tracking people without their permission. It doesn't matter if you don't use social networking service: they're still watching you. What can you do about it? Read More ), so hackers could get a fair assessment of you from that. Digital Shadow demonstrates Digital Shadow Exposes What Facebook Really Knows About You While it began as a mere marketing stunt, Ubisoft's Digital Shadow remains a very useful (and potentially scary) application that shows you how much people can find out about you from Facebook. Read More what details can be guessed about you based on comparatively little data.

MySpace isn’t even as dead as you thought it was. In November 2015, it was getting 50.6 million unique users in the U.S. alone, and handling more than 465 million email addresses. That’s a lot of data potentially up for grabs.

Wait, Wasn’t MySpace in Trouble Recently?

As if this weren’t bad enough, MySpace is pictured in a particularly bad light after another shocker from 2016. Or 2008, rather.

myspace hack haveibeenpwned

Sometimes, companies keeping quiet about data breaches can be a good thing Why Companies Keeping Breaches a Secret Could be a Good Thing With so much information online, we all worry about potential security breaches. But these breaches could be kept secret in the USA in order to protect you. It sounds crazy, so what's going on? Read More . But MySpace suffered a major leak, and we only found out about it at least three years after the hack Facebook Tracks Everybody, MySpace Got Hacked... [Tech News Digest] Facebook is tracking everybody across the Web, millions of MySpace credentials are up for sale, Amazon brings Alexa to your browser, No Man's Sky suffers a delay, and Pong Project takes shape. Read More . The first we knew about it was in 2016, when more than 360 million email addresses and over 427 million passwords, were up for sale, via the social network.

The original hack could’ve occurred anytime between 2008 and 2013.

If you used MySpace, head over to This tells you whether your data has been part of a breach. If you can recall the email you used to sign up to MySpace all those years ago, type it in. Shocking, right?

Jeff Bairstow, Time Inc. Executive Vice President and Chief Financial Officer, reassured users:

“We take the security and privacy of customer data and information extremely seriously — especially in an age when malicious hackers are increasingly sophisticated and breaches across all industries have become all too common. Our information security and privacy teams are doing everything we can to support the MySpace team.”

We’ve been told that private information is taken seriously. Yet this latest security flaw has been intact since that hack.

The passwords stolen in the hack were stored with the Secure Hashing Algorithm (SHA)-1 hash. This changes passwords into different digits, but isn’t actually very secure. Salting and slow hashes is a more superior way of protecting your password How Do Websites Keep Your Passwords Secure? With regular online security breaches reported, you're doubtless concerned about how websites look after your password. In fact, for peace of mind, this is something everyone needs to know… Read More — it’s not infallible, because nothing ever is, but right now, that’s as good as it gets.

Now, however, it seems that, even if MySpace had implemented stronger password protection, the simple account recovery process would’ve rendered it moot.

What Should You Do?

What does this say about internet security How Web Browsing Is Becoming Even More Secure We have SSL certificates to thank for our security and privacy. But recent breaches and flaws may have dented your trust in the cryptographic protocol. Fortunately, SSL is adapting, being upgraded - here's how. Read More ?

MySpace is just the latest example of a big company, albeit one largely forgotten by the masses, not taking adequate care of your information. It’s simply not good enough. Security measures should always be kept updated What Other Major Websites Can Learn from Moonfruit's DDoS Attack Moonfruit is the latest in a long list of online giants hit by hackers, but how they handled the threat was impressive. Indeed, other sites could learn a lot from how they handled the situation. Read More , no matter a site’s heyday.

What can you do about it? First of all, MySpace has taken down the related page, so right now, you can’t get into the network unless you can remember your login details. Hopefully, the site will tighten up security.

I don't normally Instagram at 1:00am, but when I do, I've just shot the blood moon – total lunar eclipse!

A post shared by Tom Anderson (@myspacetom) on

However, it’s not proving trustworthy. It may be unfair on MySpace to advise you to delete your account, but that’s exactly what Leigh-Anne Galloway has done. You can understand why. Certainly, if you don’t intend to migrate back to MySpace, it would be churlish not to delete all your information from there.

Have you deleted your account? Are you concerned about further leaks? Or do you feel it’s pointless to delete what’s already out there, after the number of security compromises?

Image Credit: thelefty via

Related topics: MySpace, Online Privacy.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Wilfredo Arevalo
    August 20, 2017 at 2:59 am

    Have you ever thought about creating an ebook or guest authoring on other blogs? I have a blog based upon on the same information you discuss and would really like to have you share some stories/information. I know my subscribers would enjoy your work. If you are even remotely interested, feel free to shoot me an e-mail.

  2. Jasper Bostic
    August 18, 2017 at 9:02 pm

    I have read so many articles concerning the blogger lovers however this paragraph is actually a good article, keep it up.

  3. Misty Flores
    August 17, 2017 at 11:04 pm

    Hello, after reading this awesome article i am also glad to share my familiarity here with friends.

  4. Luisa Hay
    August 15, 2017 at 6:38 am

    Attractive section of content. I just stumbled upon your weblog and in accession capital to claim that I get in fact loved account your blog posts. Anyway I will be subscribing for your feeds and even I achievement you get entry to persistently quickly.

  5. Javier Nix
    August 14, 2017 at 1:49 am

    Thanks in favor of sharing such a nice idea, piece of writing is pleasant, thats why i have read it entirely

  6. Jana McGuire
    August 9, 2017 at 3:22 am

    I used to be suggested this blog by way of my cousin. I am not sure whether this submit is written by way of him as no one else understand such exact approximately my difficulty. You are amazing! Thank you!

  7. MCP
    July 24, 2017 at 12:48 pm

    Don't you mean "ANNALS"?

  8. Chris
    July 24, 2017 at 12:56 am

    Your comment section needs a report or flag spam function. The comments on this article are nonsensical and fishy.