So here’s a good one. Angela logged in to her MySpace account to send a message to a friend of hers. When she did, it gave her an error about the spam filter, then she was prompted to change her password because her account had been phished, which it hadn’t.
Stay with me on this one, it gets better. When she went to change her password, the captcha-like image was a broken link, so no way to verify the text, and therefore no way to change her password.
But it gets better. Since she was using Safari on the Mac, I thought maybe this is a browser problem, so I had her log in using IE on my PC. Upon logging in she was greeted with the message, and again, a broken image.
This is ridiculous enough, but the real kicker is this. Part of the message says:
Since we were able to detect this, we’re giving you a chance to change your password now. This will prevent the evil phisher from logging in as you and sending spam comments, emails and bulletins and editing your profile. Change it now, and you’ll be safe!
Yes, whenever your account is logged in, you’ll see a prompt about it being locked, but all you have to do to unlock it is change the password from the home page, and MySpace, in their own incredibly powerful way, will know that it’s you changing the password, and not the person who phished the account in the first place, so you’ll be absolutely safe.
How dumb is that?