Stupid Friendster Bug

Last week I received a notice from Friendster asking me to confirm an account I recently created. This surprised me, since I never created the account. I do have a Friendster account, but I use a separated email for it, an email I use for "junk" stuff since I don't want SPAM on my real email. Anyways, I figured some idiot probably just typed in the wrong email, and that's the end of that.

Well, since then I've received Friendster messages on a regular basis telling about a message in my inbox, and people who wants to be added as my friends. So I decided to go to friendster and figure out what's going on. I just told friendster I forgot my password, and sure enough a second later I received the password used to open the account. The guy is a 18 year old guy from the Philippines. It seems like he's not very bright. He even used his own birthday as his password. I changed that right away so that he can't login to this account. I then read the messages on the account's inbox. Most of it are typical teenager stuff with messages typed in mixed upper and lower cases. The guy's girldfriend left a note written in Tagalog (which I understand).

Anyways, for a second I was tempted on messing with the guy. Maybe respond to his girlfriend's note and tell her she's ugly and far, or that I turned gay after watching that gay cowboy movie Bareback Mountain. Countless thoughts went to my mind, but in the end I decided to just delete the account. If the guy is dumb enough to use the wrong email twice to create an account, then I'll take more drastic moves.

I, of course, tried creating an account using one of my other email addresses to see what would happen if I never click on the link included in the verification email. Sure enough, I don't need to check that email. At least not to create and update the profile. I can even logout and log back in with no problems. What you cannot do is add friends to your account.

Anyways, this bug probably shows up rarely since:
1) Not a lot of people are dumb enough to type the wrong email address
2) Who the hell uses Friendster these days? Everybody had moved on to MySpace or Orkut.

But this bug can be used to SPAM people. Just create a dummy account using an email of someone you don't like, make the account a name of a celebrity that people would want to be added as friends, and there you go. Whomever owns that account will be bombarded with requests from Friendster users who wants to be added as his/her friends.

I can't believe a simple scenario like this escaped the people at Friendster.


Post a Comment

<< Home