MySpace Beefs Up Security; More To Come, CSO Says

The popular social networking site is taking steps to protect its young users.
The troubling headlines are everywhere. Girl, 15, runs away with MySpace acquaintance. Man met alleged victim on MySpace. Teen pleads guilty in MySpace threats case.

Never know who you'll meet next

Never know who you'll meet next

Photo by Nicholas Kamm/AFP
The popular social networking site is taking steps to protect its young users with a bold new program to stop child predators. MySpace has hired online identity and background verification company Sentinel Tech Holding to build a database and search technology that will let newly dedicated, full-time MySpace staffers find and delete profiles of registered sex offenders. They'll use identifying information including name, age, height, and eye color to weed them out. The database will aggregate data on 595,000 sex offenders otherwise isolated in 46 different registries.

Chief security officer Hemanshu Nigam, who joined MySpace last spring from Microsoft, hopes the database can be used by the rest of the social networking industry. "We saw this really gaping hole here," Nigam said last week in an interview.

The concept, however, is unproven. It's not clear how well technology for matching physical characteristics of sex offenders with photos works. And the database won't include unlisted child predators. "Most of the people who are molesting children online are not registered sex offenders," says online child safety advocate Parry Aftab of

Connecticut Attorney General Richard Blumenthal applauds the effort but says any safety program without some form of age verification for new members would be ineffective. MySpace uses algorithms to analyze profiles and determine if members are lying about their age, and it deletes 30,000 underage profiles a week. The company continues to assess other age verification technologies, Nigam said.


The database is the second significant safety measure instituted by MySpace since Nigam, a former federal prosecutor, joined the company. In June, MySpace created a policy that members older than 18 can contact younger members only if they know the child's full name or e-mail address. This change came soon after MySpace was sued for $30 million by a 14-year-old and her mother who accused a 19-year-old the girl met online of sexually assaulting her. Nigam said one or more new initiatives will be announced in January.

Lawmakers are cracking down as well. Virginia Attorney General Bob McConnell last week said he will push for the creation of a database of registered sex offender e-mail addresses and instant message user names. At the federal level, an upcoming effort from Sens. John McCain, R-Ariz., and Chuck Schumer, D-N.Y., would create a national registry similar to the one proposed by McConnell.

MySpace is dealing with other threats. In June, a banner ad may have infected a million of its users with adware. More recently, a worm took advantage of a flaw in Apple's QuickTime media player to change user profiles and add links to fake Web sites. The cross-site scripting attack uses JavaScript to manipulate code or steal data. RSnake, founder of and, says social networking sites are petri dishes for testing cross-site scripting attacks.

MySpace works with application vendors like Adobe and Apple to ensure security and get fixes to users when necessary. Nigam said he has reached out to Apple in the most recent attack. MySpace investigative teams work with law enforcement to identify attack sources.

Unfortunately, incidents keep making headlines. There's the recent account of an Ohio man accused of posting video on MySpace depicting the attack and rape of a 14-year-old boy. But with its latest efforts and more on the way, MySpace should become a safer place.

with Kelly Jackson Higgins

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing