Exploit: Own MyBlogLog accounts in 3 easy steps


Check it out, easily grab accounts at MBL -

Sign up for MBL, it only takes a second. Use bogus info for this, you can even use a bogus email, MBL doesn’t confirm anything by email so it will work. Keep track of your info though so you can access your account later.


That search will bring back all the profile pages of MBL accounts that have not been claimed by an author yet. There were at least 3k accounts when I first noticed this last night, but I have noticed others catching on to this and snapping them up already.

Here's the full story


Fun stuff

When MyBlogLog first started I created accounts for:

Paris (Hilton)

The novelty has worn off a bit but it was fun to set these up and get all the fan mail in the comments. You can also set these up legitimately at first and then point the URLs to your own domains after you build a large community. The resulting hate mail from obsessed fans can be fun to read too.

Enterprising Individuals

I found the people who claimed music stars' main websites then added their own music star related blogs quite amusing.

Hey MyBlogLog, I think it really might be time for a full security audit. I know it's anti-fun but I think the time has come.


How did he miss this one?

FWIW, I'm going to be at a party with one of the MBL execs in about 2 weeks. I should ask him how those embarrassing security problems are going when I meet him.

I got pinged about it but I am trying to move on ;)


I'm really disappointed that the obvious Matt Cutts Bait was missed as his blog is one of the many currently squatted by mblshouldnotallowthis


Rafer said: "The problem is that so many of the confirmation emails are caught in people’s spam folders"

Write a better template.

Great way to get people to sign up though. I can see the advert now, "Hey if you don't claim your blog someone else will...Be Quick...MyBlogLog"

Congrats to DaveN jumping in on the Matt Bait.

Has MBL stalled

When I first signed up there was a flurry of activity and now it has slowed considerably. Yahoo! needs to swing into action and puff it up a bit in my opinion. I suspect the founders expect(ed) this as well.
One of the nice things about MBL is profiles index well and quickly on Google.

Elpresidente, you have too much free time on your hands!

that's elprezidente

With a 'Z' ;-)

I suppose you're right about wise use of free time.

