Yesterday, I wrote a blog post about the safety of social networks. I would personally like to rescind that and talk about how I have since been violated by the lack of security on MySpace. While I am still a firm believer in Facebook and the precautions that site takes to protect its users, my prior apprehensions about joining MySpace have been reaffirmed by today’s events. (Prior qualms included lack of security and overabundance of advertising)
I logged on to MySpace this morning as I have been everyday this week. It was becoming as natural as checking my email every morning and I was finally starting to grasp some of the nuances of using the site. Although, I quickly became frustrated when I could not post a comment to a friend’s wall and the site continued to redirect me back to my homepage. That is where I found the message from “Tom”, the universal MySpace friend, that has set this blog in motion.
Tom told me that my account had been phished and that it was possible that someone had stolen my email address, password, and had complete access to my profile. My profile was then blocked from doing anything on the site until I changed my password. (Although the phisher could clearly change this too, since he already had my password.) Thinking that this might be a normal occurrence (even though nothing like this has happened to me in the three years that I have been a Facebook member), I followed the prompts to change my password. I did just that and thought I could MySpace to my heart’s content — boy — was I wrong!
My account subsequently got phished five more times — each time I changed my password and hoped for the best. I responded by sending messages to MySpace customer service where a form letter told me that they would contact me by email. I have yet to hear back from MySpace and their corporate machine. Apparently, News Corp.’s advertising bonanza doesn’t have time for the little guy.
I am no longer a MySpace member. I am now hoping that any information my “phisher” might have attained through my sparse profile does not affect my friends who have so openly displayed their lives on the site and who accepted my friendship through the site in such blind faith that I am someone they know and trust.
In an interview with Alex Pasquariello (a fellow Fast Company writer) for a Fast Talk in our May 2007 issue, Symantec’s Zulfikar Ramzan told Mr. Pasquariello that it is not uncommon for internet thieves to use social networks to steal people’s information and use the bond that the victim has created with networked friends to direct friends to false sites that will essentially rip them off. (This part of the interview did not make the cut into the print edition.)
This, to me, is a scary thought. I would hate that someone is abusing the bonds that I have nurtured with my cyber friends (all of whom I know in real life — many of which I don’t see on a regular basis). But this scariness is compounded by the slew of links I found addressing this on MySpace’s FAQ page. Some of the links on the page addressed how to handle someone pretending to be you on MySpace, while other links talked about what to do if someone is using your email address without permission, while still others take on the subject of your account being compromised. Clearly, I am not the only member to have been phished and MySpace has done little in the way of improving their security to tackle the problem.
I have little faith in a company that will do nothing to improve their user’s experience; that simply tells them to deal with it and try again. I feel that my world has been violated and that I am missing out on an experience that I could have had a lot of fun with (if the lack of security wouldn’t keep me up at night worrying that someone was going to get into my email account next).
Are you on MySpace? Have you been phished? Would you stick with a service that so blatantly regarded your privacy and the use of your personal information as a minor issue? Does News Corp.’s ad-laden social network feel like an internet sanctuary where friends can share in common experiences or does it wreak of a corporation who has forgotten the original intention of its product?