MySpace Accounts Compromised by Phishers!

Be careful the next time you log into MySpace.com. The site has been compromised and MySpace knows about the flaw, but has not fixed it yet.

The hackers have engineered a fake login form on MySpace's own web site. Netcraft has notified MySpace of the issue, although it currently remains live. Because the fraudulent login page is hosted on MySpace's own servers and does not exhibit any signs of external content, such as cross-site scripting or open redirects, it is convincing and even security-conscious users are at risk of becoming victims. The attack is launched from a profile page, where the username is login_home_index_html, and uses specially-crafted HTML in order to hide the genuine MySpace content from the page and instead display its own login form.

Netcraft Claims, however, that if users use their browser toolbar, they will be safe from this specific attack.

Sources: Slashdot, NetCraft