If you haven’t deleted your decade-plus old Myspace account yet, now may be the time to do it. As it turns out, it’s been embarrassingly easy for someone to break into and steal any account on the site.

Security researcher Leigh-Anne Galloway posted details of the flaw on her blog this morning after months of trying to get Myspace to fix it — and hearing nothing back from the company. Only today, after the issue became widely publicized, did Myspace finally remove the flaw. The flaw came from Myspace’s now-defunct account recovery page, which was meant to let people regain access to an account they’ve lost the password to.

There’s an oft-repeated adage in the world of cybersecurity: There are two types of companies, those that have been hacked, and those that don’t yet know they have been hacked. MySpace, the social media behemoth that was, is apparently in the second category. 

The same hacker who was selling the data of more than 164 million LinkedIn users last week now claims to have 360 million emails and passwords of MySpace users, which would be one of the largest leaks of passwords ever. And it looks like the data is being circulated in the underground by other hackers as well.