Tuesday, October 16, 2007

Hacking MySpace accounts



Edit: This post moved to http://www.theonlinerant.com/2007/10/16/hacking-myspace-accounts/

The other day I got an email claiming I had a message from a friend on MySpace. Well, I really don't like MySpace (More of a FaceBook fan)and I don't use it much anymore, so I didn't rush out to go get it. But I did eventually go check it out. As soon as I logged in, I saw that it was nothing but a spam message. So I just deleted it. Since I was on anyway, I thought I would check out the various bulletins that people had posted.

And what do you know! There were 4 bulletins from the person who had sent me the spam message. Three of those bulletins were clearly spam, but the last one was really from her. In that bulletin, she claimed that someone had hacked her account, and to disregard any strange messages that she might have sent before she realized she had been hacked.

Well, I was a little curious about the "hack" and decided to do some investigating to find out how peoples accounts normally get hacked. You see, I've had a MySpace account for years and it's never been hacked. And it's not like my password is super secure. I wont tell you what it is, but I will say it isn't one of those extremely long ones with a random conglomeration of letters, numbers, and symbols that security experts say you should have. I've also never changed it the entire time I've had the account!

So I was really wondering how so many of my friends get there accounts hacked. It turns out that the most common method of getting your account "hacked" is to have the password stolen. That's right, stolen. Not broken or guessed. No one is running brute force attacks to get your password.
Furthermore, if they did steal your password, it's probably because you GAVE it to them. That's right, I said gave. They tricked you into giving them your password, and then they simply logged in to your account.They didn't hack your MySpace account. They hacked you.

So how do you keep this from happening? well it's real simple. Don't give away your password to anyone. Never enter it into any other site except the MySpace login page. That will take care of most of the methods by which people get your password.
The remaining ways people can get your password are a little trickier, and I have a lot more sympathy for people who fall for these. These methods involve sending you to a page that looks exactly like the MySpace login page, but isn't. So you think you are logging into MySpace, but actually you are logging into another website that is stealing your password. Still involves you giving them the password, but its a little trickier because you thought you weren't giving it to anyone but MySpace.
This method is still easy to avoid. Just log in to your account only from the official MySpace.com website. How do you know if the page you are logging into is from the original page? Make sure that the address you typed to get to the page was MySpace.com After that you can click on the login link to be taken to the login page. Just make sure you started at the MySpace.com website and not some other site.

Oh, and this advice goes for my FaceBook friends as well.

1 comment:

Michael said...

I've always said: The greatest enemy of office security is the yellow sticky note with login information stuck to the computer monitor.