A while back, I reported a security problem to MySpace. Being a nice person, I thought I'd email them and wait for a reply before telling anyone else (I thought I was the only one to find this problem, but it appears a few others knew of it too. I didn't know this until later). I have reported a few problems to MySpace in the past, and they usually took around two weeks or so to reply. Sure, their reply was something generic, but it was a reply at least. Anyways, back to this story. So, after writing to them, I waited two weeks. Didn't hear anything back from them. A month, still didn't hear anything. So I thought that as a month had passed, I may as well report the security hole to a security site. I wrote to xssed.com, and after a small wait they published an article on it.

Today, I try to log in to my account, and it didn't work. Interesting, I was sure I was typing the correct password. I go to use the "Forgot your password?", and it says my email is invalid. So that's it, they've deleted my account. For me, MySpace was a way to keep in touch with old friends I otherwise wouldn't be able to talk to. And now they've deleted my account. So, they deleted my account for reporting a security issue and showing them a harmless example, yet people that actively try to attack MySpace accounts still have active accounts? This makes no sense, if anything they should be thanking me for finding the bug on their site, and being nice enough not to do anything evil with it. It's totally unfair. Just before deleting the account, I had 467 friends, 1991 comments, 2300 messages, and just over 19000 profile views. I have no clue what's going to happen to my Windows Live Messenger MySpace app, an application that now has around 51,000 users. Whatever, I'm done with MySpace now. I made a new account but don't really care about it any more. Add me on Facebook.

—Daniel

Oh, and http://www.myspace.com/daniel_1515 was my old account. In case anyone searches for it in Google.

Update 9th February 2009: My MySpace account is back. Take a look at my blog post about it.

Tags MySpace, account deleted, daniel_1515

Short URL for sharing: https://d.sb/B1K. This entry was posted on 1st February 2009 and is filed under MySpace, XSS. You can leave a comment if you'd like to, or subscribe to the RSS feed to keep up-to-date with all my latest blog posts!

Comments

  1. Avatar for stubbers stubbers said:

    It's the old story that companies don't like IT security issues being pointed out, and they complain even when they're mentioned beforehand. Did you end up sending them a please explain email?

      1. Avatar for 400OakStreet 400OakStreet said:

        I was able to get a delete request through :P