
Sunday, February 7, 2010

A loophole in social networking sites' security

Hey readers, I wanted to share with you a loophole that I've found with social networking sites and their security. Please note, I'm not a hacker and I've found this using my own account. Last night I was trying to access my MySpace account and I forgot my password. I requested to retrieve my password by clicking on the 'Forgot your password' link; this is a link that all social networking sites provide just in case you forget your password, see Figure 1. Next I was taken to another page where it would ask me to provide the email address that I used when creating my MySpace account, see Figure 2. Remember when signing up for MySpace, they would require you to put in a contact email address? Well, this is the reason why: so they can send you information on how to change your password, instead of posting your password on a separate page. Hackers could easily retrieve your password if MySpace just posted your password on a separate page by supplying your email address and clicking the submit button.

Next, I provided my email account and clicked submit, and I got a message back stating that my password information was sent to my email address. Then the light came on. I had deleted this email account months ago, so MySpace sent an email message to an email account that no longer exists. I went back to the provider where I had created my email account before and I checked to see if that email account was still available, and it was. I re-created the account and went back to MySpace, clicked on the 'Forgot your password' link, supplied my old email address, which had now been recreated and was active to accept email messages, clicked the submit button, and then went back to my now recreated email account inbox, and I saw that the email message to change my MySpace password was there.

Figure 1

Figure 2

The moral of this story: if you have email accounts tied to social networking sites or any online account, I suggest changing any deleted email address tied to your social networking sites, as well as any other online accounts that you may have. If you have any questions or comments regarding this post, please provide your comments in the 'Comments' section for this post.

Thank You,
