Hundreds of Thousands of Private MySpace Photos Leaked
Here is the rest of the Wired story.
The creator of the file says he compiled the photos earlier this month using the MySpace security hole
that Wired News reported on last week. That hole, still unacknowledged
by the News Corporation-owned site, allowed voyeurs to peek inside the
photo galleries of some MySpace users who had set their profiles to
"private," despite MySpace's assurances that such images could only be
seen by people on a user's friends' list.
"I think the greatest motivator was simply to prove that it could be
done," file creator "DMaul" says in an e-mail interview. "I made it
public that I was saving these images. However, I am certain there are
mischievous individuals using these hacks for nefarious purposes."
The MySpace hole surfaced last fall, and it was quickly seized upon
by the self-described pedophiles and ordinary voyeurs who used it,
among other things, to target 14- and 15-year-old users who'd caught
their eye online. A YouTube video
showed how to use the bug to retrieve private profile photos. The bug
also spawned a number of ad-supported sites that made it easy to
retrieve photos. One such site reported more than 77,000 queries before
MySpace closed the hole last Friday following Wired News' report.
By then, DMaul, a denizen of the online forum TribalWar.com who
declined to reveal his name, used an automated script to run nearly
44,000 MySpace user profiles through one of the ad-supported sites,
MySpacePrivateProfile.com -- a process he says took about 94 hours. He
rolled those images into a single file and seeded it to The Pirate Bay,
a popular BitTorrent tracking site, on Sunday, advertising it as
"pictures taken exclusively from private profiles."
Despite the language, the script DMaul posted to TribalWar does not
appear to discriminate between public and private profiles, making it
likely that many of the photos were intended to be public. The script
cycled through MySpace users sequentially by MySpace Friend ID number,
and did not target users of a particular age group.
Even with some public photos in the mix, the haul represents a
significant breach that affects users under 16 -- whose profiles are
automatically set to private -- more than older users who must opt-in
to the privacy option.
As of Wednesday morning, The Pirate Bay showed two users seeding the
file, and another 40 downloading it. One commenter complained that the
download could take "weeks or months" to complete, prompting another to
predict that, "By the end of the week it should be well distributed."