You probably haven't touched your Myspace account in ages, but you might want to pay it a visit just in case -- as it turns out, it's trivially easy for someone to take control. Security guru Leigh-Anne Galloway has discovered that Myspace's account recovery site only validates your real name, user name and birthday. Given that the first two are easily obtainable, you only really have to guess the birthday to hijack an account -- and that's not necessarily hard depending on how publicly someone celebrates the occasion. In theory, someone with a knack for Google searches could impersonate you with little to no warning.
We've asked Myspace for comment. Time's social network hasn't exactly been responsive so far, though. Galloway says she emailed Myspace about the issue in April and hasn't had a response. In the meantime, though, she suggests deleting your Myspace account if you're at all concerned about it. A data thief or prankster could use it to get further insights into your personal life (albeit from several years ago), and they could tarnish your online reputation by messing with your profile. If nothing else, this illustrates how crucial it is to constantly update security measures -- it shouldn't be possible to recover an account this easily, especially not in an era when data breaches are a seemingly regular occurrence.
Update: Myspace tells us that it has "enhanced our process" for account recovery by adding an extra step (it doesn't say what this is), and that it will "refine and improve" the recovery system over time. That's an important step, but it begs the question of why Myspace waited as long as it did to take action. Whatever the answer, you can read the full statement below.
"In response to some recent concerns raised regarding Myspace user account reactivation, we have enhanced our process by adding an additional verification step to avoid improper access. We take data security very seriously at Myspace. We plan to continue to refine and improve this process over time."