« 300 The Movie = more pictures | Main | MySpace: Hack to Download Any Song on MySpace »

Myspace Exposes Videos Stored In Private Profiles

Yet another simple URL modification makes private profile information available
Two very simple methods that allowed anyone to view comments and photos stored in private Myspace profiles. These security holes were available by a simple modification of the URL used to access Myspace. The story of these security holes were posted on digg.com, and very quickly spread across the Internet. Once public, Myspace reacted swiftly and closed these two holes within 24 hours. But as soon as those security breaches were addressed by Myspace, more were popping up, and being closed by Myspace, like a lame game of whack-a-mole.

This morning (9/2/06) I awoke to find the following URL in my Inbox (sent anonymously). It is claimed that this URL allows anyone to view videos that have been uploaded to private Myspace profiles.

http://vids.myspace.com/index.cfm?fuseaction=vids.showvids&friendid=XXXXXXX

*insert the Myspace friendID at the end in place of the XXXXX

Myspace videos are not in strong demand

I'm sure the demand to view videos uploaded to private Myspace profiles is nowhere near as high as the demand to view private comments and photos. But the idea that this type of simple URL modification can still give anyone access to information that is intended by Myspace to be "private" should make us all think twice about posting anything on the internet that you would not be comfortable with the whole world seeing.


Posted by DanGeR on January 8, 2007 04:58 PM |



    Post a comment

    (If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)