MySpace Compromised?

Saw this note on Netcrafts site that MySpace was compromised by phishers who have presented a spoofed form on MySpace, this modified login form is designed to submit the victim’s username and password to a remote server hosted in France.

Netcraft has notified MySpace of the issue, although it currently remains live. Because the fraudulent login page is hosted on MySpace’s own servers and does not exhibit any signs of external content, such as cross-site scripting (XSS) or open redirects, it is convincing and even security-conscious users are at risk of becoming victims. The attack is launched from a profile page, where the username is login_home_index_html, and uses specially-crafted HTML in order to hide the genuine MySpace content from the page and instead display its own login form. Source: Netcraft

No notice on the MySpace site, that I can tell.

Added: Just saw a post on InfoWorld about the Netcraft post, and I went out again to check and see if it is still up, but it looks like they have finally taken it down. The page was a user with this name http://myspace.com/login_home_index_html, if you click on it now, it says Invalid Friend ID.

Woah, wait a minute, one time the page is up, the new it is not. Either they are working on it or that page is being slammed.