Myspace let you hijack any account just by knowing the person’s birthday

Image courtesy of

By Jacob Kastrenakes, July 17, 2017 

But also, please don’t because it’s almost definitely illegal

If you haven’t deleted your decade-plus old Myspace account yet, now may be the time to do it. As it turns out, it’s been embarrassingly easy for someone to break into and steal any account on the site.

Security researcher Leigh-Anne Galloway posted details of the flaw on her blog this morning after months of trying to get Myspace to fix it — and hearing nothing back from the company. Only today, after the issue became widely publicized, did Myspace finally remove the flaw.

The flaw came from Myspace’s now-defunct account recovery page, which was meant to let people regain access to an account they’ve lost the password to.

Read full article here…..