I reported yesterday on a bug in MySpace's architecture that allowed strangers to peer inside the MySpace photo galleries of some private profiles, despite assurances from MySpace that those pictures can only be seen by people on a user's friends list.
The bug had been around since at least October (Thanks to Rose for tipping me off), during which time it had been gleefully exploited by voyeurs, hackers, entrepreneurs and lechers; you can find pages and pages of public message board comments around the web in which posters are peeking in on 14 and 15-year-old girls and sharing what they find.
Ad-supported web sites with names like Can't Hide and MySpacePrivateProfile.com emerged to earn a buck off the glitch. One such site reports that its users have accessed, or attempted to access, 77,000 private profiles -- 3,000 of them today.
While all this going on more-or-less in plain sight, you have to wonder where MySpace's safety and security team was. Was this glitch that hard to fix?
Apparently not. Barely 24 hours after my story hit the front door of Wired.com, MySpace has, without comment, closed the backdoor, and the websites that were exploiting it are no longer delivering private photos. That seems to leave just two possibilities:
- MySpace didn't know this was going on before.
- MySpace knew about it, but didn't take action until the press noticed.
I'll have more next week.
See Also:
- MySpace Bug Leaks 'Private' Teen Photos to Voyeurs
- More Charges in MySpace Cyber Stalking Case
- Convicted Hacker Charged With Extortion After Attack On Model's MySpace Account
- Federal Grand Jury Issues Subpoenas in Teen Cyberbullying Case
- 29,000 Sex Offenders Found on Myspace
- No Charges Will Be Filed In Cyberbullying Case
- MySpace to Purge Sex Offenders
