Teen Data Exposed on Myspace

Use Netsparker


Ah another flaw in Myspace, this time it’s quite dangerous exposing the details of teenagers.

A security hole in the popular MySpace social networking site allowed users to view entries marked “private”, a crucial protection for users aged under 16, according to weekend reports.

Though the site is said to have fixed the problem, it was said by news reports to have been active for months. Nobody at MySpace was immediately available for comment.

The explosion of social networking sites has caused significant worry for parents and politicians over how to protect children from sexual advances over websites. The amount of information that young people reveal about themselves coupled with the opportunities for deception by sexual predators has led to concerns that the sites can be dangerous.

Normal for Myspace, things don’t get fixed for a LONG time.

“In the UK, the vulnerabilities alleged could amount to a breach of the Data Protection Act,” said Struan Robertson, editor of OUT-LAW.COM and a technology lawyer with Pinsent Masons.

The Data Protection Act says “appropriate technical and organisational measures” must be taken to prevent unauthorised access to personal data held by organisations.

“For any site, the technical measures that are appropriate will vary depending on the type of data held and the harm that might result from a security breach,” Robertson said. “There is best practice guidance in the UK for sites used by children and, if the allegations are true, it may be that MySpace fell short of the standard expected.”

This basically means anyone in the UK who got ‘hacked’ in this way is legally able to sue!

Source: The Register

Posted in: Hacking News, Web Hacking

, , , ,


Latest Posts:


Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.
Yahoo! Fined 35 Million USD For Late Disclosure Of Hack Yahoo! Fined 35 Million USD For Late Disclosure Of Hack
Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 year delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public.
Drupwn - Drupal Enumeration Tool & Security Scanner Drupwn – Drupal Enumeration Tool & Security Scanner
Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.


Comments are closed.