According to a new report by security researcher Leigh-Anne Galloway, you can essentially log in to any user's Myspace account just by knowing their birthday. In a post on her personal blog, she detailed how it works: like many sites with account logins, Myspace has a recovery system that helps you access your profile if you forget your password by asking you to confirm some other identifying information (an associated email address, username, etc.) and resetting it. However, according to Galloway, someone only needs to another user's birthday in order to get into their account. This is because, due to some sort of glitch, you can actually enter any email address, as long as the birthday is a match, and get in (you do need to enter the username and account holder's name, but those are both already listed publicly on their profile page and thus easy for anyone to find).
Despite bringing the particularly glaring issue to Myspace's attention months ago and asking them to fix it, Galloway went public after hearing nothing back from the company. And, it appears her strategy worked. In the hours after her post went up on Monday morning, it caught the attention of many news outlets, and Myspace has since taken down the particular account recovery page she was referring to.