CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 4th, 2008

Social Networks Information Sharing Flaw Exposes Private MySpace Users Photos

The data availability initiative recently introduced at MySpace, which lets users share their profile data with other community and social networking sites across the Web, has a major privacy flaw that exposes the private photos of MySpace users. The flaw is in a system that helps the social-networking site share information with other Web sites.

Thanks to data portability, a technology that allows personal information to be shared between social networks and other websites, one can see any profile on MySpace. For example, pictures of Paris Hilton and Lindsay Lohan from private MySpace profiles can already easily be seen by anyone on the Internet, since those two celebrities are, as usual, the first to be hit.

Byron Ng, a computer technician who earlier this year found a way to access Paris Hilton’s Facebook page, disclosed on the Valleywag blog a 15-step process that allows people to see supposedly private pictures and other information by first logging into Yahoo. Yahoo’s integration with MySpace makes it easy to view photos for any profile.

Byron’s instructions involve no real hacking or unauthorized access. They work because Yahoo allows its users to add their MySpace profiles to their cell phones without checking their credentials. It requires a login, but accepts any login, not the specific user’s login.
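The gap described above, a login check with no per-viewer authorization, can be modelled as follows. This is an added example, not code from Yahoo, MySpace or the original post; the `Profile` class, the handler names, the user IDs and the sample data are all constructed for illustration.

```python
# Toy model of a partner endpoint serving profile photos (constructed data).
from dataclasses import dataclass, field

@dataclass
class Profile:
    owner: str
    private: bool
    friends: set = field(default_factory=set)
    photos: list = field(default_factory=list)

PROFILES = {
    1001: Profile("alice", True, {"bob"}, ["alice-1.jpg"]),
    1002: Profile("carol", False, set(), ["carol-1.jpg"]),
}

def may_view(viewer, profile):
    """Authorization: the owner's privacy setting decides, per viewer."""
    allowed = {profile.owner} | profile.friends
    return not profile.private or viewer in allowed

def photos_flawed(session_user, user_id):
    """Authentication only: any signed-in account passes."""
    if session_user is None:
        raise PermissionError("login required")
    return PROFILES[user_id].photos

def photos_checked(session_user, user_id):
    """Authentication plus the owner's privacy check for this viewer."""
    if session_user is None:
        raise PermissionError("login required")
    profile = PROFILES[user_id]
    if not may_view(session_user, profile):
        raise PermissionError("profile is private")
    return profile.photos

def exposed_pairs(handler, viewers):
    """Regression check: (viewer, user_id) pairs served despite privacy."""
    leaks = []
    for viewer in viewers:
        for user_id, profile in PROFILES.items():
            if may_view(viewer, profile):
                continue  # legitimately visible, not a leak
            try:
                handler(viewer, user_id)
                leaks.append((viewer, user_id))
            except PermissionError:
                pass
    return leaks
```

Running `exposed_pairs` against every handler that accepts a profile identifier turns the privacy setting into a testable invariant for each integration that proxies profile data.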

Here are the instructions for viewing any MySpace profile, as posted on Valleywag:

1. you’ll need a Yahoo account. go to www.yahoomail.com and create a yahoo account if you don’t have one already. and you will need to go to www.myspace.com to sign up for a myspace account first, if you don’t have one already.

2. go to http://beta.m.yahoo.com/w/gallery/widget click on the ‘mail’ button under “sign in to yahoo!”.

3. click on ‘click here to sign in’.

4. enter your yahoo id, yahoo password.

5. then on the top of the screen in the white box, enter: myspace then click Search Widgets Gallery.

6. you will see a green box in the middle with the word ‘myspace’ in there.

7. click the green myspace.

8. see in the middle of the screen it says “add it” – click that.

9. click yes when it asks you about sharing info.

10. go here http://beta.m.yahoo.com/w/gallery/widget.

11. enter myspace into the box. click search widgets gallery.

12. click on the green myspace. now, since you have already set it up in the previous steps, it won’t ask you to download again.

13. click on ‘go to widget’ (that’s right below the ‘already added it’ text).

14. now sign in to myspace.

15. now take the URL I asked you to save above before step 1: http://beta.m.yahoo.com/w/myspace/profile/en.osl?userID=16527727 and click on it. it may ask you to sign into yahoo or my space. sign in as appropriate. now you should be able to see the person’s pictures. if you can only see your own profile, then click on it again http://beta.m.yahoo.com/w/myspace/profile/en.osl?userID=16527727 then it will work.


    4 Responses to “Social Networks Information Sharing Flaw Exposes Private MySpace Users Photos”

    1. Has this been fixed?


    2. CyberInsecure Says:
      June 10th, 2008 at 12:08 am

      According to some users’ reports, the Myspace widget has been removed and it does not work anymore.


    3. I am trying to access my teen’s myspace that is private, is there any way? I tried the suggestion above with the yahoo and widgets, and myspace didn’t come up in the search.

      Thank you
      desperate mom


    4. CyberInsecure Says:
      June 19th, 2008 at 5:03 pm

      Again, this method does not work anymore.

      desperate mom: There are much easier ways (keylogging) if you have local access to the PC. Since you are a mom, you can also practice your parental rights and openly demand to see what the “teen” is doing on myspace, “or else…” (even better, no hacking involved).

