MySpace is not secure

Filed in archive Spam News on January 26, 2007

Well, we knew that already, didn't we? No one in their right mind would consider MySpace anything but a laughable hobby, and absolutely noone should leave any real info on it. Apart from the MySpace company not doing its best, or even mediocre to enhance personal data security, it seems that their users are quite frankly - absurdly security irresponsible.

We also heard of thousands of MySpace user names and passwords being stolen for a joke, just because it's doable and easy, and users falling even for the cheapest spam phishing attacks. But, instead of educating its users MySpace shuts other sites down for writing about MySpace security problems. One of its last victims was the security expert beloved SecLists, whose site was taken down by cowardly GoDaddy domain seller service. Fyodor, the owner of SecLists writes:

"Apparently Myspace is still reeling from all the news reports more than a week ago about a list of 56,000 myspace usernames+passwords making the rounds. It was all over the news, and reminded people of a completely different list of 34,000 MySpace passwords which was floating around last year. MySpace users fall for a LOT of phishing scams. They are basically the new AOL. Anyway, everyone has this latest password list now, and it was even posted (several times) to the thousands of members of the fulldisclosure mailing list more than a week ago. So it was archived by all the sites which archive full-disclosure, including SecLists.Org.
Instead of simply writing me (or abuse_at_seclists.org) asking to have the password list removed, MySpace decided to contact (only) GoDaddy and try to have the whole site of 250,000 pages removed because they don't like one of them. And GoDaddy cowardly and lazily decided to simply shut down the site rather than actually investigating or giving me a chance to contest or comply with the complaint. Needless to say, I'm in the market for a new registrar. One who doesn't immediately bend over for any large corporation who asks."

GoDaddy, together with MySpace, has proven to be a nazi in the worst kind of way. Not only did SecLists have nothing to do with the usernames/passwords stolen, it also did not publish any of it per-say.

Cheers to Fyodor, good luck in finding a new registrar, and shame to you GoDaddy and MySpace! This behavior means that we all will need to be hawk-eye careful and comb forums and comments we moderate because anyone who hates you could just simply publish some 'stolen list' on your blog/website and have you taken down. God I wish those companies would be so agile when it comes to catching the real crooks!