MySpace Privacy Flaw Exposes Paris Hilton, Lindsay Lohan Pics

Social networking giant MySpace discovered what appeared to be the first major privacy breach since the recent launch of its Data Availability initiative after a widget on Yahoo's mobile platform exposed private images of Paris Hilton and Lindsday Lohan. The error made images in the user profiles of Hilton and Lohan available for the public to freely view on the Web.

The breach, which was discovered by computer technician Byron NG earlier this week, reportedly occurred as a result of an integration issue resulting from MySpace's recently launched data availability initiative, which allows users to share profile information with other sites, such as Yahoo.com.

MySpace announced the launch of its data availability initiative May 8, which was designed to enable users to freely share profile information and images across numerous other Websites. Rather than updating information on individual sites, the MySpace's Data Availability initiative, also known as data portability, allows users to update their profile in one place which is automatically shared with profiles on other sites.

According to a Valleywag.com blog, users could gain access to Hilton's and Lohan's personal images simply by submitting their own login credentials through Yahoo, one of the partnering sites that shares information with MySpace. Because Yahoo allows its users to add their MySpace profiles to their cell phones without authorizing their login credentials, any user login would suffice to grant access to anyone's personal files on the site.

However, the privacy error exposing Hilton's and Lohan's images prompted both Yahoo and MySpace to disable the data availability between the services until the error is fixed.

A Yahoo spokesperson confirmed that the company was working to address the error.

"MySpace and Yahoo are firmly committed to keeping all users as safe and secure as possible. Recently, MySpace and Yahoo were alerted to a vulnerability within the MySpace widget on the Yahoo mobile platform. The functionality of the widget has currently been disabled as we work to rollout an immediate fix," Yahoo said in an official statement.

MySpace did not mmediately return messages from ChannelWeb.

Data portability is relatively new -- and many highly trafficked e-commerce and social networking sites have recently launched their versions of the service.

Yahoo also announced the beta launch of its Yahoo Open Strategy initiative last month, which similarly allows users to integrate their identity, credentials and friends' list seamlessly into other profiles or Websites. For example, the technology allows users to share data and content with applications such as Yahoo Instant Messenger, which enables their IM client contacts to view their photos, music and other information.

However, researchers contend that the flaw calls into question privacy issues when data is easily transferable, and accessible, from one application to another.

"It's all well and good to speed things up, but how far, how fast?" said Valleywag.com blogger Owen Thompas in a posting. "The example discovered by Ng just demonstrates the tendency of Web companies to take shortcuts with security. With data portability, we won't just have to worry about how well a particular social network guards their personal data; we'll now have to worry about every partner Web site it connects with."