Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 4th, 2008

Social Networks Information Sharing Flaw Exposes Private MySpace Users Photos

The recently introduced data availability initiative at MySpace allowing everyone to share their profile data with other community and social networking sites across the Web, is vulnerable to a major privacy flaw exposing the private photos of MySpace users. The flaw is in a system that helps the social-networking site share information with other Web sites.

Thanks to data portability, a technology that allows personal information to be shared between social networks and other websites, one can see any profile on MySpace. For example, pictures of Paris Hilton and Lindsay Lohan from private MySpace profiles can already easily be seen by anyone on the Internet, since those two celebrities are, as usual, the first to be hit.

Byron Ng, a computer technician who earlier this year found a way to access Paris Hilton’s Facebook page, disclosed a 15-step process, that allows people to see supposedly-private pictures and other information by first logging into Yahoo, at Valleywag blog. Yahoo’s integration with MySpace makes it easy to view photos for any profile.

Byron’s instructions involve no real hacking or unauthorized access. They work because Yahoo allows its users to add their MySpace profiles to their cell phones without checking their credentials. It requires a login, but accepts any login, not the specific user’s login.

Here are the instructions for viewing any MySpace profile, as posted on Valleywag:

1. you’ll need a Yahoo account. go to and create a yahoo account if you don’t have one already. and you will need to go to to sign up for a myspace account first, if you don’t have one already.

2.go to click on the ‘mail’ button under “sign in to yahoo!”.

3. click on ‘click here to sign in’.

4. enter your yahoo id, yahoo password.

5. then on the top of the screen in the white box, enter: myspace then click Search Widgets Gallery.

6. you will see a green box in the middle with the word ‘myspace’ in there.

7. click the green myspace.

8. see in the middle of the screen it says “add it” – click that.

9. click yes when it asks you about sharing info.

10. go here

11. enter myspace into the box. click search widgets gallery.

12. click on the green myspace. now, since you have already set it up in the previous steps, it won’t ask you to download again.

13. click on ‘go to widget’ (that’s right below the ‘already added it” text.

14. now sign in to myspace.

15. now take the URL I asked you to save above before step 1: and click on it. it may ask you to sign into yahoo or my space. sign in as appropriate. now you should be able to see the person’s pictures. if you can only see your own profile, then click on it again then it will work.

Share this item with others:

More on CyberInsecure:
  • Facebook, MySpace Backdoor Exposed User Accounts
  • Sensitive Federal Data Leaked Through P2P File Sharing
  • SQL Injection Flaw Exposes 32 Million Accounts Passwords
  • Facebook Album Privacy Exploit
  • Facebook Bug Reveals Names And Photos For All 500 Million Users

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Social Networks Information Sharing Flaw Exposes Private MySpace Users Photos

    4 Responses to “Social Networks Information Sharing Flaw Exposes Private MySpace Users Photos”

    1. Has this been fixed?

    2. CyberInsecure Says:
      June 10th, 2008 at 12:08 am

      According to some users reports, the Myspace widget has been removed and it does not work anymore.

    3. I am trying to access my teens myspace that is private, is there anyway? I tried the suggestion above with the yahoo and widgets, and myspace didn’t come up in the search.

      Thank you
      desperate mom

    4. CyberInsecure Says:
      June 19th, 2008 at 5:03 pm

      Again, this method does not work anymore.

      desperate mom: There are much easier ways (keylogging) if you have a local access to the PC. Since you are a mom, you can also practice your parental rights and openly demand to see what the “teen” is doing on myspace, “or else…” (even better, no hacking involved).

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.