Is there anyone who doesn't use social media sites these days? They are great venues to connect with long-lost childhood friends, keep up with family members who live across the country and so much more.
After crushing its early competition, Facebook became the dominating social media site with nearly 2 billion active monthly users. One competitor that Facebook crushed is now causing some serious security concerns.
How scammers are breaking into MySpace accounts
Do you remember having a MySpace account? From about 2005 to 2008 it was the most popular social media site in the world. Not so much anymore.
Most MySpace users have moved on to newer, more popular sites. Unfortunately, many have made a critical mistake. Not deleting their account.
Security researcher Leigh-Anne Galloway recently detailed on her blog how easy it is for anyone to break in and steal any MySpace account. The sites' flaw is found on the MySpace account recovery page.
The page is set up to help people who have forgotten their account details to regain access. The account holder needs to enter their name, username, original email address linked to MySpace, and their birthday. However, Galloway discovered that you really just need to know someone's birth-date to get into their account.
Anyone looking at random MySpace pages are able to see an account holder's name and username. And when you go to the recover page, there are links for those who have either forgotten their associated email or no longer have access to it.
Image: MySpace recovery page.
Once the scammer performs the account recovery process, MySpace asks them to provide a new password and email address. Meaning they will control your account forever.
What you need to do now
Galloway notified MySpace of the flaw back in April and has yet to receive a reply. It's critical that you delete your MySpace account immediately. You don't want a cybercriminal accessing it and going through your personal data.
Take these safety steps:
- Delete old accounts - it's critical that you lock down all of your online accounts with secure passwords and shut down accounts that are no longer active. A site called AccountKiller can help by making it simple to track down all of your online accounts.
- Investigate your online accounts - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Set up two-factor authentication when available - Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
- Change your password - If you have older accounts and decide to keep them, it's a good idea to change your passwords. Read this article to help you create hack-proof passwords.