I've just realised that I can get to see private data (not all of it but a significant amount). The question I am asking is how should I reveal this information. Some options:
1. Try and let MySpace know through their forums
2. Contact the BBC with the story
3. Post it on WebmasterWorld
But maybe there's a way I can turn this to my advantage. I could post it on my blog (and try and highlight it so that other people get to see it). I could get some links that way. Might even reach the front page of Digg. Hopefully I wouldn't get too much traffic because my shared server would probably grind to a halt.
Any thoughts on what I should do - and if I put it on my blog should I put Adsense ads on that page?
1. Post enough information to legitimize your claim.
2. Make sure your PM box has room, or just list your blog address in your profile.
3. Wait for MySpace to contact you.
Share the information with MySpace as a security consultant.
[edited by: akmac at 8:45 pm (utc) on Sep. 4, 2006]
Amanda has privacy settings on. I know she was 14 on the 6th of August.
A mother from Placentia, California (with privacy settings on) took a survey that said she had a sexual IQ of 120. To quote "When it comes to sex, you are a super genius".
I'm acting like a stalker!
The thing is I do like MySpace and spend a lot of time talking to bands through it (well, most of the time they are trying to talk to me - ego trip!). I also like my blog and the prospect of links to it is very tempting...
In that you are media, I would contact the media department of MySpace and ask for a response to your findings, explaining you are going to publish what you found and their response. Give them a reasonable deadline (two to three days) and then move forward.
The problem with doing nothing is that if you found it, others might as well. This has to be addressed, but addressed in a responsible manner.
Send an email (see privacy page) to them alerting them to the problem.
Post a page on your site about it - with copied screenshots (blank out any details, try not to show how it's done).
Write a condensed description here - and a link to the page on your site with more detailed information (this may be okay as it is the original source - so long as the page isn't 99% full of spam/ads).
Email the BBC (or Reuters or whatever).
It's important to alert everyone quickly in case anything bad comes of it - you have a responsibility to do so. Whatever you do, don't post anything that instructs people on how to get the data (here, on your site or anywhere else).
I don't see anything wrong with announcing the problem as it will encourage/alert the site to the problem and get it dealt with quicker (some sites ignore emails - perhaps they get too many or they go to the wrong people).
But a few hundred extra visitors to my blog is nothing (and no I haven't put any ads or spam links on that page). I use MySpace to stay in touch with all my bands who send me CDs to review so I am an enthusiastic user of the site for the music side of it. I also see it as a potential way of challenging the power of the Record Companies in the future.
I am going to report the problem on the MySpace forums so that they hopefully will fix the privacy leak.
Posting on WebmasterWorld is more of a problem - links to blogs are not allowed for very good reasons. But I am not even allowed to post links to the example I have set up to demonstrate the problem. The only comment on the blog post was 'it didn't work for me' so I made a profile of mine Private and showed how you could see data from it.