[Dataloss] fringe: Pillaged MySpace Photos Show Up in Massive BitTorrent Download
security curmudgeon
jericho at attrition.org
Thu Jan 24 16:45:51 UTC 2008
[The information compromised consists of private photograph/images only,
not PII. However, such images can be fairly sensitive at times.]
http://www.wired.com/politics/security/news/2008/01/myspace_torrent
By Kevin Poulsen 01.23.08 | 5:00 PM
A 17-gigabyte file purporting to contain more than half a million images
lifted from private MySpace profiles has shown up on BitTorrent,
potentially making it the biggest privacy breach yet on the top social
networking site.
The creator of the file says he compiled the photos earlier this month
using the MySpace security hole that Wired News reported on last week.
That hole, still unacknowledged by the News Corporation-owned site,
allowed voyeurs to peek inside the photo galleries of some MySpace users
who had set their profiles to "private," despite MySpace's assurances that
such images could only be seen by people on a user's friends' list.
"I think the greatest motivator was simply to prove that it could be
done," file creator "DMaul" says in an e-mail interview. "I made it public
that I was saving these images. However, I am certain there are
mischievous individuals using these hacks for nefarious purposes."
The MySpace hole surfaced last fall, and it was quickly seized upon by the
self-described pedophiles and ordinary voyeurs who used it, among other
things, to target 14- and 15-year-old users who'd caught their eye online.
A YouTube video showed how to use the bug to retrieve private profile
photos. The bug also spawned a number of ad-supported sites that made it
easy to retrieve photos. One such site reported more than 77,000 queries
before MySpace closed the hole last Friday following Wired News' report.
[..]
More information about the Dataloss
mailing list