You may want to reconsider if you’ve been keeping an old Myspace account just so you can smirk and say you still have one. Due to lax security policies, it’s almost trivial for anyone to reset the password on any account. Researcher Leigh-Anne Galloway originally reported the flaw to Myspace back in April of this year.
Galloway discovered the flaw while trying to delete her account. After not hearing from Myspace for three months, Galloway documented the vulnerability on her blog.
Turns out you only need three pieces of information to reset the password on an account. You only need the name, username, and date of birth associated with the account. After providing the right info Galloway discovered that she was granted access immediately to her account.
How to delete a Myspace account
Over at the consumerist.com they have outlined how you can go through and delete your old account.
1. Once you’ve gone through account recovery process, select account settings from the gear icon at the bottom right-hand corner of the page.
Note: If you’re on mobile, you’ll have to request the desktop version of the site.
• In Safari, you can do this by pressing and holding the reset button.
• If you’re using Chrome, click on the button with three dots at the top right-hand and select “Request Desktop Site”:
2. Click on “Delete account.”
3. Give Myspace a reason for why you’re saying goodbye for good, and pour one out for your internet past.
While Myspace isn’t one of the most popular social media sites, security implementations like this still matter. According to Galloway “Myspace is an example of the kind of sloppy security many sites suffer from, poor implementation of controls, lack of user input validation, and zero accountability.” and “Myspace is no longer the number one social media site, they have a duty of care to users past and present.”