Assuming an Identity on MySpace

Did you know I can sign up as you on MySpace?

That’s right … I can sign up on MySpace under your email address and assume your identity. MySpace does send an email to verify the email address – but you do not have to click on the verification email to use MySpace. You can still do everything on MySpace you’d always do – like creating an account, adding pictures, adding friends, and generally being active on MySpace.

You can assume anyone’s identity on the number one site in America. But this is only if that email address was not used to sign up for an account.

This guy named Alvin has Jeff Bezos’s email associated with him. Maybe this is Jeff’s alter-ego, but I doubt it.

And did you know the US President has a MySpace profile? Search on “president@whitehouse.gov” and you’ll find a guy named “the” who’s occupation is “swinger” and who’d like to meet “tyrants, weirdos, shallow corporate raiders. ex-skull and bone members.. remember the handshake. or is that remember the too.” … of course, he hasn’t logged in since 12/19/2003 – so he’s also an early adopter and early MySpace user.

1310482795_mNick Douglas from Valleywag has a MySpace account under his gmail address. If you know Nick’s gmail address and you search at http://search.myspace.com you’ll be taken to his page. This is his real page.

But if you searched for Nick’s @valleywag.com email addresses this morning you wouldn’t have found anything. Anyone with a little ingenuity can register for MySpace under his email. And I just did. If you search for his email @valleywag.com now you’ll get this profile: http://www.myspace.com/valleynick

It looks legit but it is actually my putting it together. Not sure Nick got the email from MySpace with the password I picked … but if he misses the email or chooses to ignore it (because he already has a MySpace account and his other cookie overrides the link when he clicks on it), then I am as good as gold. Given the increase in Myspace phishing, and your tendency to overlook Myspace emails, I’m better than gold – I’m platinum baby.

[note: after 4 hours Nick still has not logged into his new account or changed the password]

Though this can be fun and tame … like me signing up as Clark Kent @ superman.com … it can also be used for malicious purposes. Someone can assume another person’s identity, get people to trust them, and be fooled when that person goes to verify their email address in MySpace (which is the only way to verify someone today).

22 thoughts on “Assuming an Identity on MySpace

  1. Bernadette

    Auren, this is why a reputation service like Rapleaf is important. If only every social networking site and online shopping experience are protected with a Rapleaf badge, then the number of socially responsible individuals will increase. Individuals are more likely to behave because they know their reputation are key to their growth. People also do not have to worry if anyone can do something malicious when their identity is stolen because they already have a Rapleaf badge. Unless Rapleaf have the same loopholes as you suggested in this article , then maybe its time to fix it!
    Rapleaf can be a “cyber cop” protecting individuals from prying hackers floating around cyber space. Infact, wouldn’t it be fun if Rapleaf’s tagline was ” Rapleaf- the internet cybercop, we stop unwanted wannabe’s trying to steal your identity.”
    Sorry if my english is bad, I am still learning.

    Reply
  2. Diego

    Hi Auren,
    Questions: how does Rapleaf protect my online reputation if someone was to steal my id (i.e.: your example with MySpace). For example: If I have a good rep with @ Rapleaf and someone opens an accoutn in my name at, say, MySpace and trashes my reputation, and that causes people not to trust my name and provide negative feedback at Rapleaf?

    Reply
  3. Auren Hoffman

    Diego — Rapleaf is working on some innovative systems to help protect identity theft. it is a hard problem but we’ll soon be implementing some roadblocks to make it much harder for the bad guys to be successful.

    Reply
  4. KEVIN PINA

    I opened a new account earlier this year but never had the time to use it. Today i received a request from someone wanting to join “my friends.” Out of curiosity I went back through my emails and retrieved the original account information and password initially forwarded to me after opening the account. Lo and behold the password worked and there before my eyes was a page containing pornographic photos and videos and material i personally would never want to be associated with. It was still under my name with my current email address.
    I have been a journalist and documentary filmmaker for over 20 years and have been the target of malicious personal attacks because of my political stance in questioning US foreign policy. Anyone who saw this MySpace page in my name would have associated it with my person and reputation which I find frightening. Again, access to this page was only possible by using the original password that was sent directly from MYSpace.com.
    Needless to say, I immediately deleted the account after creating a .pdf of the contents to forward to my attorney.
    The interesting thing was that the first friend on the account was a photo of a man named Tom. I have since learned he is Mr. MySpace himself.
    Beware of MySpace, their role and intention is less than transparent and clear to me.
    Best,
    Kevin Pina

    Reply
  5. yadira

    I need help verifying my email address i have done everything and so far nothing. if you could help i t would make me happy. thanks.

    Reply
  6. Denae

    yeah, I need help to verify my myspace e-mail but i dont know how so I need help, can you help me. One more thing I already have a myspae but i dont want to delete it!!

    Reply
  7. Chala

    Can’t you help me verify my current email address please I tried so hard to verify it but I still keep having problems to verify my email address.

    Reply
  8. C

    I dont understand your point about the email address? How does an email address “prove” anything? I can create an email account name of anyone, It doesnt verify or account for anything though.
    If you can create the myspace account to look like anyone, eg. the username, images of the person, etc. The email address can be hidden on the page, thus not an important factor when you are looking at a page.
    Since myspace uses a mail system, they should have there own email addresses as well. At the very least force users to show email addresses on there page, but this still does not solve the problem.

    Reply
  9. C

    For fun I searched my name in myspace and someone did make a myspace as me using their own e-mail address. A real picture (not so good) and false information about me. I have no way to rid this mess. I reported it in, sent e-mails to the fake profile, and to who I thought made it, demanding that it be taken off. Nothing….any help???? PLEASE

    Reply
  10. LoudSiren Identity Protection Network

    My visa was just used to purchase 4 worth of something in Czechoslovakia, then 1500 worth of diamonds in Spain. Holy crap. She said it’s nothing that I’ve done wrong, that the Evil Thieves are able to get credit card numbers from literally anywhere (like, for instance, the huge database theft that hit the parent company of HomeSense, where hundreds of thousands of visa billing records were stolen, likely a few of mine in there as well).

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s