Until recently, MySpace had a serious security flaw that allowed photos of users whose profiles were set to private to be viewed by anyone. Two weeks ago, user called DMaul uploaded a 17 GB file of more than 500,000 private Myspace photos available for download on torrent sites. The file was the 9th most downloaded file on torrent sites that week.

According to Wired, the file quickly lost popularity after people realized it was a random collection of typical photos — weddings, babies, birthday parties. DMaul has come forward to explain his actions, saying “I think the greatest motivator was simply to prove that it could be done. It is ridiculous to think that there is privacy on public websites. These types of situations are more education than anything.” So DMaul’s actions indeed had no malicious intent, and they should by taken for their educational value.

The real kicker is that the security flaw was known on various message boards for months before it was fixed. What’s even more disconcerting is how this flaw was exploited. A thread on the discussion forum Sohh.com back in October consisted of a self-described “pedo army” sharing the private galleries of 15 and 16-year-old girls. There have even been YouTube videos and commercial websites touting this flaw. It was only after Wired broke the story that MySpace finally fixed the hole. I’m also surprised that despite a fair amount of coverage in the blogosphere, the story hasn’t made it into the mainstream news either.

MySpace has so far refused to comment on the situation, so it’s hard to say whether MySpace was unaware of the situation or was aware and didn’t act on it. Either way, the blame should lie with MySpace for flouting the privacy of its users for so long. While most teens are perfectly aware of the dangers of leaving their profiles open, there is the expectation that profiles set to private will indeed be private. Is this expectation rational in today’s world? Surely the millions of people who do their banking or shopping online would think so. Social networking sites should be taking the privacy of its users more seriously, especially when minors are concerned. It has been suggested that sites like MySpace need to create special task forces that will prowl the Internet looking for security flaws as they arise. When users have done their part to protect their privacy, MySpace should do its part too.

Be Sociable, Share!