[Dataloss] fringe: Pillaged MySpace Photos Show Up in Massive BitTorrent Download

security curmudgeon jericho at attrition.org
Thu Jan 24 16:45:51 UTC 2008



[The information compromised consists of private photograph/images only,
  not PII. However, such images can be fairly sensitive at times.]

http://www.wired.com/politics/security/news/2008/01/myspace_torrent
  By Kevin Poulsen     01.23.08 | 5:00 PM

A 17-gigabyte file purporting to contain more than half a million images 
lifted from private MySpace profiles has shown up on BitTorrent, 
potentially making it the biggest privacy breach yet on the top social 
networking site.

The creator of the file says he compiled the photos earlier this month 
using the MySpace security hole that Wired News reported on last week. 
That hole, still unacknowledged by the News Corporation-owned site, 
allowed voyeurs to peek inside the photo galleries of some MySpace users 
who had set their profiles to "private," despite MySpace's assurances that 
such images could only be seen by people on a user's friends' list.

"I think the greatest motivator was simply to prove that it could be 
done," file creator "DMaul" says in an e-mail interview. "I made it public 
that I was saving these images. However, I am certain there are 
mischievous individuals using these hacks for nefarious purposes."

The MySpace hole surfaced last fall, and it was quickly seized upon by the 
self-described pedophiles and ordinary voyeurs who used it, among other 
things, to target 14- and 15-year-old users who'd caught their eye online. 
A YouTube video showed how to use the bug to retrieve private profile 
photos. The bug also spawned a number of ad-supported sites that made it 
easy to retrieve photos. One such site reported more than 77,000 queries 
before MySpace closed the hole last Friday following Wired News' report.

[..]


More information about the Dataloss mailing list