Security hole in MySpace leads to leak of private pictures

MySpace has had a security hole in it for months that allows anyone to access most photographs, even those of users who’ve set their profiles to private. It’s a simple URL hack; insert the user’s ID into an appropriately constructed URL for viewing photo galleries and you get full access. MySpace doesn’t have any real access control in this instance. News Corporation, the owner of MySpace, has been well aware of this bug for a damn long time, but they still haven’t fixed it. It makes you wonder if all those promises of making MySpace safer are nothing but noise.

Well, MySpace now has a bonfire lit under its feet, because a member of tribalwar.com downloaded a huge number of private pictures from MySpace and released them as a torrent. The torrent weighs in at 17 GB and contains 567,000 photographs. Naturally, I had to download it. A day later (thank you Verizon FIOS!), the download is complete, and I’ve been browsing through them just to see what kinds of pictures people upload to MySpace behind supposedly closed doors.

Most of the images aren’t that interesting. There are a lot of wedding or other formal occasion photos. There are lots of pictures of babies. There are lots of miscellaneous pictures of people mugging for the camera, often in a party environment with drinks in hand. After going through several hundred of the photographs, I could take it no longer. The signal to noise ratio is simply too low. Maybe there’ll be a best of torrent at some point?

But I did find three photos out of the ones that I looked at that are interesting. This is a bit of flavor of what the entire torrent likely contains:

Self Cleavage

I did find a more NSFW image than this one, but I won’t post it here. If I found stuff like this going through just a few hundred photos, well, it makes you wonder what the best photo out of the whole lot is.

Vampire Jesus

Hey look, it’s Vampire Jesus!

Pregnant Woman Under Construction

I don’t think a comment is necessary for this one.

Comments are closed.