Social media has come a long way from its early days, and with the domination of major players including Facebook and Twitter, many of the early pioneers have faded into relative obscurity. Friendster abandoned plain social networking in 2011 and finally shuttered its services in 2015. MySpace, once the fastest growing and largest social network, quickly lost ground to Facebook and eventually lost many of its users. 2016 brought the revelation that 360 million accounts had been compromised all the way back in 2008 and were now for sale on the Dark Web, and MySpace declined further.
However, despite its lack of a large active userbase today, there are still many people who remember their days spent on MySpace. For those people, revisiting an old account could be a source of nostalgia — or you might not have thought about your page in years. What if you want to log back in, but you don’t have access to your original email account anymore?
MySpace seems to have anticipated this scenario and set up an account recovery tool for individuals to use. Unfortunately, it’s woefully insecure and in fact, could allow a savvy individual to gain access to other accounts. All you need to do is tell the site your name, your birthday, and the name of the account. If all three matches up, you’re in — no email necessary, nor any other type of confirmation. Naturally, this means anyone who knows these three details about you could take over the account.
There might not be anything compromising left there, but there will still be some personal data, and it’s a terrible security practice regardless. Worse still, researchers notified MySpace of the problem this posed and, so far, the site has neither fixed the vulnerability nor addressed the problem. It may be that they will do nothing about the issue.
MySpace should serve as a reminder of the importance to clean up your digital life as you move forward and leave old accounts behind. When you decide to end your use of a website or any other online platform, delete your account if possible. If you can’t completely erase the account, log in and remove as much information as you can. In some cases, you could even contact the site’s support to request removal of your account. Don’t leave old data behind — it could offer an inroad into your new, more active accounts.