Developing story: MySpace security breaches

What's more worrisome than a public MySpace page? A page that the user only thinks is private. I was just alerted to several stories by Kevin Poulsen of Wired News that publicize recent security breaches on MySpace.

Poulsen reported on January 17 about a MySpace Bug that leaks "private" teen photos to voyeurs. He wrote, "A backdoor in MySpace's architecture allows anyone who's interested to see the photographs of some users with private profiles--including those under 16--despite assurances from MySpace that those pictures can only be seen by people on a user's friends list. Info about the backdoor has been circulating on message boards for months."

These message boards include self-described groups of "pedos" who hacked into underage-girls' private MySpace profiles. According to Poulsen, one poster reported successfully pilfering photos from a randomly chosen 14-year-old girl, "It worked and I was shown her pictures. Now lets see some naked sluts."

On January 18, Poulsen updated the story to say that the next day, MySpace quietly fixed that back-door bug, without publicly acknowledging the problem, even though users' profiles had been vulnerable for months.

Then on January 24, Poulsen reported that "A 17-gigabyte file purporting to contain more than half a million images lifted from private MySpace profiles has shown up on BitTorrent, potentially making it the biggest privacy breach yet on the top social networking site."

Reporting kudos to Poulsen for staying on top of these emerging privacy concerns. I haven't seen this story widely reported elsewhere, which is significant since public scrutiny and user concerns are the main points of leverage we have with companies like MySpace and its owner News Corp. to pressure them to devote sufficient resources to developing safe and secure products. Taken together with Facebook's Beacon fiasco, breaches like these are sure to reinforce the impression that they still have a long way to go.