Forum:
Hey guys. I was Larxene in Online on MySpace93. Mercedes told me to join this group now that MySpace shut down. I’m here to tell you guys what happened and here’s a screenshot to prove it really is me.
So I got this message just like everyone else. I contacted The Online Mercedes and asked her to send me a screenshot of her MySpace. She also got the message and we decided to post a blog about the situation on my MySpace account. We compared the screenshots of the email and saw the same ip address. We knew it was a hack because of the IP addresses but only said that it was probably a hack in our blog just in case it wasn’t a legit hack. After that, Mercedes noticed that it was only a security measure because of the comment Koala71783 posted on Tom’s account and then Tom contacted me telling that it was just a security measure. I wish I had known at the time that Me and Mercedes were right and it had been a hack. I’m so angry at Tom AKA Janken because he lied to me about the hack and I can’t forgive him for that. I still had my account active after that and didn’t get banned. Mercedes was online the night before the shutdown and unfortunately, everything seemed fine. Mercedes doesn’t have a recent backup and I never backedup my MySpace info so I’ll just friend any old fwiends Mercedes had. What do you think? Thank you for reading. Bye:(
« Back to the MySpace93 Fwiends Forum
We knew about the MS93 hack before the hack info
Report Topic
3 Replies
Reply by H3
posted
Ask @ilikebreadtoomuch. They have an archive of the day right before the shutdown! They are also active in this group.
Reply by bonkmaykr
posted
updated
To be 100% fair, it's very clear that Janken has absolutely zero experience with internet security. The majority of internet security on one's website should be focused on the server-side, which means that languages like PHP and ASP.NET should be what you're most concerned about as the developer of a social media platform. These are backend, server-side languages. Janken has experience with the frontend where he does not have to worry about security as much aside from rare XSS occurences etc etc and maybe some small JS bugs. Windows93 was a frontend project which mostly ran on the client-side. Janken likely might not have known what to do in a situation like this.
Even I could see from a distance how poorly written the site's code was without even needing to read it, since there were so many form validation bugs and the most he could do was ban words like "style" and "?php" instead of doing it the right way and using HTML entities. He even stored passwords in plaintext, which was also obvious since the system could read your passwords and literally spit them back to you via email. A good password system will ensure that the server and staff don't even know what your password is. He probably thought all of this was fine because it was a passion project and not intended to be serious business.
You also have to take into account the fact that when a platform with 85k+ users gets breached, you have to be very considerate about how people may react. It's likely he did not want to scare people and thought that just telling people to change their passwords regularly would help mitigate the problem alongside a forced password reset, but this approach comes at the cost of being less safe on other sites as there's no guarantee that users will take the subtle hint.
THAT BEING SAID.... It's not an excuse to lie about it either or hesitate fixing it, so shame on him for that.
Reply by PolishUser
posted
updated