We've asked Myspace for comment. Time's social network hasn't exactly been responsive so far, though. Galloway says she emailed Myspace about the issue in April and hasn't had a response. In the meantime, though, she suggests deleting your Myspace account if you're at all concerned about it. A data thief or prankster could use it to get further insights into your personal life (albeit from several years ago), and they could tarnish your online reputation by messing with your profile. If nothing else, this illustrates how crucial it is to constantly update security measures -- it shouldn't be possible to recover an account this easily, especially not in an era when data breaches are a seemingly regular occurrence.
Update: Myspace tells us that it has "enhanced our process" for account recovery by adding an extra step (it doesn't say what this is), and that it will "refine and improve" the recovery system over time. That's an important step, but it begs the question of why Myspace waited as long as it did to take action. Whatever the answer, you can read the full statement below.
"In response to some recent concerns raised regarding Myspace user account reactivation, we have enhanced our process by adding an additional verification step to avoid improper access. We take data security very seriously at Myspace. We plan to continue to refine and improve this process over time."