Digital Cemetery and the Myspace vulnerability

via IFTTT Recently, security researcher Leigh-Anne Galloway (@L_AGalloway) found a vulnerability on Myspace, my first thought was amazement that Myspace still existed.

It’s one of the sites that seems to have been lost in the digital abyss, like tears in the rain.

The details of the vulnerability (which appears to have been fixed now) can be found here:

While it’s easy to poke fun at an ancient website with a security flaw, there can be serious consequences as a result. Older sites like Myspace form something of a digital cemetery. Except, data isn’t dead, it’s just abandoned.

So what happens when a website that was once heavily used is left? In these situations, the best thing would probably be if the website shut down altogether.

However, in many cases a website like Myspace limps along. Sometimes trying to reinvent itself, other times acquired by a larger company, stripped of its assets, and thrown into the corner.

Without regular maintenance or monitoring, such websites can easily become derelict, like a building with a leaky roof, occupied only by squatters.

The onus on any website operator, regardless of popularity, or relevance is to maintain good security. Particularly around registration, forgotten password, and forgotten accounts.

The lack of maintenance can expose the data of legitimate users of the service. This could range anywhere from a mild inconvenience, to embarrassment, to being able to leverage for a full on attack.

As users, there is little power one has over how a website is maintained. But, if one has stopped using a service, they should look to move and delete any and all data that may be on there. It is usually not sufficient to simply disable or delete an account, as in some cases these can be reactivated.

It’s an interesting situation that is new to a generation of internet users. What digital ghosts will haunt a generation in their retirement from posts they made when they were full of youthful exuberance?