BreachExchange mailing list archives
fringe: Pillaged MySpace Photos Show Up in Massive BitTorrent Download
From: security curmudgeon <jericho () attrition org>
Date: Thu, 24 Jan 2008 16:45:51 +0000 (UTC)
[The information compromised consists of private photograph/images only, not PII. However, such images can be fairly sensitive at times.] http://www.wired.com/politics/security/news/2008/01/myspace_torrent By Kevin Poulsen 01.23.08 | 5:00 PM A 17-gigabyte file purporting to contain more than half a million images lifted from private MySpace profiles has shown up on BitTorrent, potentially making it the biggest privacy breach yet on the top social networking site. The creator of the file says he compiled the photos earlier this month using the MySpace security hole that Wired News reported on last week. That hole, still unacknowledged by the News Corporation-owned site, allowed voyeurs to peek inside the photo galleries of some MySpace users who had set their profiles to "private," despite MySpace's assurances that such images could only be seen by people on a user's friends' list. "I think the greatest motivator was simply to prove that it could be done," file creator "DMaul" says in an e-mail interview. "I made it public that I was saving these images. However, I am certain there are mischievous individuals using these hacks for nefarious purposes." The MySpace hole surfaced last fall, and it was quickly seized upon by the self-described pedophiles and ordinary voyeurs who used it, among other things, to target 14- and 15-year-old users who'd caught their eye online. A YouTube video showed how to use the bug to retrieve private profile photos. The bug also spawned a number of ad-supported sites that made it easy to retrieve photos. One such site reported more than 77,000 queries before MySpace closed the hole last Friday following Wired News' report. [..] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- fringe: Pillaged MySpace Photos Show Up in Massive BitTorrent Download security curmudgeon (Jan 24)