MySpace: The OSINT Left Behind For Collection

MySpace: The OSINT Left Behind For Collection

How did you use your MySpace? If you answered no, there still may be unflattering or embarrassing information about you. I used their standard username and found a MySpace account. At first, I was not 100% sure that I had the right account. Scrolling through albums, I found the same picture that this person uses as Facebook and Twitter profile pictures. In their connections, I found numerous accounts associated with phones or with profile pictures of people on pay phones. One of the profile pictures used on the user above's page said that "Royal is locked up" with a prison address and what the person was allowed to receive. Through some more OSINT investigating, I was able to uncover that "Royal" was arrested as a co-defendant for swatting people. When I moved to older people within the community, I could not find MySpace accounts for them. Internet etiquette has somewhat changed since Facebook eclipsed MySpace as well as the way society handles privacy.

A security researcher just revealed a huge Myspace security flaw
A security researcher just revealed a huge Myspace security flaw
The forgotten ‘Facebook of China’ is sold for $20M
enters Myspace signage is displayed on a computer monitor for a photograph in New York, U.S., on Wednesday, June 29, 2011. News Corp. agreed to sell Myspace to Specific Media Inc. for a fraction of what it paid six years ago, ending its efforts to turn around the money-losing social networking business. Photographer: Jin Lee/Bloomberg BLOOMBERG NEWS

If you are above 30, the chances that you had a MySpace account before Facebook came along are high. My question to you in this Open Source Intelligence (OSINT) journey is this: What did you do with your account when you left? I expect the answer to be that you abandoned it and never looked back. While that may be okay to a degree, it was still mostly taboo to use or reveal your real full name. For the majority of people, they left this information behind. There is a good chance that their Facebook username is identical to their MySpace name.

How did you use your MySpace? Did you post anything that may be embarrassing? Any college days kegstand pictures? Partying in the club while visibly inebriated? If you answered yes, these could all surface if a persistent attacker or OSINT investigator went down the rabbit hole on your account. If you answered no, there still may be unflattering or embarrassing information about you.

To demonstrate this, I looked at some of my friends in the hacker and infosec community. I made note of their Twitter handles then applied the theory of username reuse to see if I could find their MySpace accounts and find out what was publicly available. In the interest of protecting my friends, I will not be saying whose accounts I assessed.

The first name who came to mind had a MySpace under the same username. Since I have spent time with them in person at conferences, I was immediately able to validate the profile based on their picture. This user listed their first and…

Pin It on Pinterest

Shares
Share This