imeem - Major Security Glitch Exposes Private / Personal Information and Allows Account Hijacking
By Scott Kingsley Clark
On August 25th, 2008 - a major security glitch appeared on imeem.com, a Social Media Network which allows it’s users to post Music, Video, and Photos.
The issue involves users who log in and validated through the log in process only to find themselves in someone else’s account. The users log in using their own account’s information — however, they are actually logged into someone (appears to be random) else’s account. They can modify this account just like if they were actually logged into this person’s account using that person’s login credentials. This exposes the user’s private / personal information and allows account hijacking to be done. Once logged into the other user’s account you can send messages, add friends, upload media, and CHANGE private information including the other user’s password.
To see what imeem is doing about this, check out the thread in their feedback forum: Wrong username, Heeelp @.@
Published Aug, 27th 2008 at 10:24 am in The Vizion Search Engine Optimization Blog, Miscellaneous. Follow responses to this entry via the RSS 2.0 feed.
- Share this Article »
September 10th, 2008 at 4:58 am
Yeah Imeem is quite fine! It’s part of the websites which contributed to the revolution in the musical world. However, my favourite one in that context is … which brought real free and legal music-on-demand! It’s quite great, and it has quite a huge catalogue right now! Check it out.