Oops! Hack lets anybody join the MySpace network on Facebook
I'm not an employee of MySpace, but I was able to join its Facebook network.
(Credit: Facebook)I do not work for MySpace. But my Facebook profile now says I do, thanks to what appears to be a sneaky little flaw in MySpace's recently launched e-mail client.
Professional networks on Facebook are intended to be limited to employees, and require a corporate e-mail address to which Facebook sends a confirmation e-mail to verify accuracy. But when MySpace launched MySpace Mail this summer, it made e-mail addresses with the myspace.com domain--which is also used internally for corporate e-mail--available to any members of the News Corp.-owned social network.
A reader tipped off CNET News to the hack, which requires a little bit of HTML know-how. We're not going to give detailed instructions out of the interest of MySpace employees' own security--and it looks like Facebook has put a fix in place, because when a CNET colleague used a MySpace Mail address to register around 2:40 p.m. PT on Wednesday, he was informed that the address was invalid.
See what happens?
(Credit: Facebook)In vague terms, it looks like MySpace was aware of the fact that members might try to register for its network on Facebook, because the confirmation link to Facebook does not work in MySpace Mail, nor does copy-pasting it. Basically, it's mangled somehow. But, the tipster explained, the real link is still in the page's HTML source. And indeed, I was able to join MySpace's network on Facebook.
This does have security implications, because many Facebook members limit some of their profile data to people who went to their schools or work for the same company--Facebook first launched corporate networks in the spring of 2005. Many may display their cell phone numbers, photo albums, or home addresses only to college alumni or co-workers.
It's an issue for Facebook as well because the massive social site does have an obligation to make sure that its restricted networks don't lie fallow. If there's a change in corporate e-mail structure at a company with a Facebook network, particularly a big one, that can mean something big with regard to potentially thousands of Facebook members' security.
A MySpace representative told CNET News that the company was looking into the matter and would be able to comment soon.
This post was updated at 2:44 p.m. PT on Wednesday to note that the problem appears to have been corrected by Facebook.
Caroline McCarthy, a CNET News staff writer, is a downtown Manhattanite happily addicted to social-media tools and restaurant blogs. Her pre-CNET resume includes interning at an IT security firm and brewing cappuccinos. E-mail Caroline. 
I use facebook, but i don't have my address or phone number on there. My friends know how to reach me, they dont need social networking to remind them.
I personally just do a mental facepalm. Move along, nothing new to see here...
They could have made it MyspaceMail.com or similar to help prevent conflicts.
Oh and by the way, We're all over Facebook. Can we get back to talking about girls please.
my privacy, still I realize everything I just typed has the potential to be seen ww yep world wide!
No negatives, just observations.
Lee Goodwin Jr.
- by patada78 November 5, 2009 2:45 PM PST
- technology is powerful
- Like this Reply to this comment
-
(12 Comments)