Welcome to WebmasterWorld Guest from

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

I Know MySpace Leaks Teen Data

What Should I Do With This info?



7:51 pm on Sep 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

A few days The Register claimed that MySpace Privacy options had been breached. I debunked that story - it was merely hidden html on non-private profiles. So, it was a no story.

I've just realised that I can get to see private data (not all of it but a significant amount). The question I am asking is how should I reveal this information. Some options:

1. Try and let MySpace know through ther forums

2. Contact the BBC with the story

3. Post it on WebmasterWorld

But maybe there's a way I can turn this to my advantage. I could post it on my blog (and try and highlight it so that other people get to see it). I could get some links that way. Might even reach the front page of Digg. Hopefully I wouldn't get too much traffic because my shared server would probably grind to a halt.

Any thoughts on what I should do - and if I put it on my blog should I put Adsense ads on that page?


8:15 pm on Sep 4, 2006 (gmt 0)

10+ Year Member

That depends, do you want to work for myspace, or yourself?


8:19 pm on Sep 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Great answer. OMG LOL as they say on MySpace. All I really want is some more links to my music blog - but maybe I just lack ambition.

This is a limited privacy breach but real.

[edited by: Iguana at 8:25 pm (utc) on Sep. 4, 2006]


8:39 pm on Sep 4, 2006 (gmt 0)

10+ Year Member

Well, the information is probably quite valuable to 2 groups, myspace, and the nefarious.

1. Post enough information to legitimize your claim.

2. Make sure your PM box has room-or just list your blog address in your profile.

3. Wait for myspace to contact you.

Share the information with myspace-as a security consultant.

[edited by: akmac at 8:45 pm (utc) on Sep. 4, 2006]


8:51 pm on Sep 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

That's a bit like blackmail isn't it?


9:38 pm on Sep 4, 2006 (gmt 0)

10+ Year Member

Oops-it does sound that way-sorry, not my intention. You found a hole in a security system, and you would like to help myspace patch it. I guess it's up to you if you'd rather do it for free.


9:43 pm on Sep 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

I'm not sure. You think I should do something like this:

Amanda has privacy settings on. I know she was 14 on the 6th of August.

A mother from Placentia, California (with privacy settings on) took a survey that said she had a sexual IQ of 120. To quote "When it comes to sex, you are a super genius".

I'm acting like a stalker!

The thing is I do like MySpace and spend a lot of time talking to bands through it (well, most of the time they are trying to talk to me - ego trip!). I also like my blog and the prospect of links to it is very tempting...


1:18 pm on Sep 5, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Do to others has you would have them do for you. If the problem was with your website, what would you have someone do? Or, if you were one of the users of the website who might be troubled about the release of this private info, what would you prefer the discoverer do?

In that you are media, I would contact the media department of mySpace and ask for a response to your findings, explaining you are going to publish what you found and their response. Give them a reasonable deadline (two to three days) and then move forward.

The problem with doing nothing is that if you found it, others might as well. This has to be addressed, but addressed in a responsible manner.


2:39 pm on Sep 5, 2006 (gmt 0)

10+ Year Member

Why not do everything at the same time?

Send an email (see privacy page) to them alerting them to the problem.

Post a page on your site about it - with copied screenshots (blank out any details, try not to show how its done).

Write a condensed description here - and a link to the page on your site with more detailed information (this may be okay as it is the original source - so long as the page isn't 99% full of spam/ads).

Email the BBC (or reuters or whatever)

It's important to alert everyone quickly in case anything bad comes of it - you have a responsibility to do so. Whatever you do don't post anything that instructs people on how to get the data (here, on your site or anywhere else).

I don't see anything wrong with telling announcing the problem as it will encourage/alert the site to the problem and get it delt with quicker (some sites ignore emails - perhaps they get too many or they go to the wrong people)


10:14 pm on Sep 5, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

I did a post on my blog late last night about this. It's been fun watching the number of referrals from Digg (and StumbleUpon for a short intense time). Still only six Diggs though (including mine). Seems like the real users of the Internet are not too interested - duh, of course we know anything you post online isn't private. I suspect the Media frenzy on MySpace privacy is not reflected in the concerns of actual users.

But a few hundred extra visitors to my blog is nothing (and no I haven't put any ads or spam links on that page). I use MySpace to stay in touch with all my bands who send me CDs to review so I am an enthusiastic user of the site for the music side of it. I also see it as a potential way of challenging the power of the Record Companies in the future.

I am going to report the problem on the MySpace forums so that they hopefully will fix the privacy leak.

Posting on WebmasterWorld is more of a problem - links to blogs are not allowed for very good reasons. But I am not even allowed to post links to the example I have set up to demonstrate the problem. The only comment on the blog post was 'it didn't work for me' so I made a profile of mine Private and showed how you could see data from it.


Featured Threads

Hot Threads This Week

Hot Threads This Month