Snapchat hacked

Kat

Administrator
Staff member
1 January 2014

Snapchat hack affects 4.6 million users

http://www.bbc.co.uk/news/technology-25572661

The usernames and phone numbers for 4.6 million Snapchat accounts have been downloaded by hackers, who temporarily posted the data online.

A website called SnapchatDB released the data but censored the last two digits of the phone numbers.

It has since been taken offline but a cached version is still available.

The hack comes days after an Australian firm, Gibson Security, warned of vulnerabilities in Snapchat's app which it said could be exploited by hackers.

Gibson Security said it was not involved in the hack: "We know nothing about SnapchatDB, but it was a matter of time till something like that happened," the firm tweeted.

The hackers behind the website that published the data said they had exploited the security flaw highlighted by Gibson Security.

"We used a modified version of gibsonsec's exploit/method," they were quoted as saying by tech blog, Tech Crunch.

Stronger safeguards?
Snapchat has grown in popularity as an app that allows people to share pictures, safe in the knowledge they delete themselves after being viewed.

It has a feature called Find Friends, which allows users to upload their address book contacts to help find friends who are also using the service.

In its report published on 25 December, Gibson Security warned that a vulnerability on the Snapchat app could be used to reveal the phone numbers of users.

The firm said it had first warned Snapchat about this four months ago, adding that "nothing had been really been improved upon".

Vulnerability
Gibson claimed that it had been able to crunch through ten thousand phone numbers of Snapchat users "in approximately 7 minutes on a gigabit line on a virtual server".

In response to the Gibson report, Snapchat acknowledged a potential vulnerability but said it had taken measures to protect user data.

Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way," it said in a blogpost last week.

"Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse."

However, the hackers behind the SnapchatDB, the site that published the phone numbers, said the measures were not strong enough.

"Even now the exploit persists. It is still possible to scrape this data on a large scale," they claimed.

"Their latest changes are still not too hard to circumvent."
 

Jessica

Administrator
Staff member
Gerry Smith
Gerald.Smith@huffingtonpost.com

Snapchat Hack Shows Tech Firms Just Aren't Listening On Security

Posted: 01/03/2014 5:41 pm EST

http://www.huffingtonpost.com/2014/01/03/snapchat-hack_n_4537635.html

For months, a group of security researchers warned that a major security flaw with the popular photo messaging app Snapchat could allow hackers to steal users' personal data. But researchers at Gibson Security say the company never fixed the problem, and this week hackers stole the phone numbers and usernames of millions of Snapchat users and posted them online.

Snapchat's failure to address the flaw is just the latest example of tech companies ignoring security warnings, either because they're too busy or because they think it's unlikely such an attack will occur, experts say. But hackers keep exploiting such flaws, putting these companies and their customers at risk....
 

Central Scrutinizer

Administrator
Staff member
Snapchat Finally Apologizes, More Than A Week After Hack

The Huffington Post | By Alexis Kleinman Posted: 01/09/2014 11:34 am EST

http://www.huffingtonpost.com/2014/01/09/snapchat-apologizes_n_4568669.html

Better late than never.

More than a week after 4.6 million Snapchat accounts were hacked, the company has decided to apologize. "We are sorry for any problems this issue may have caused you and we really appreciate your patience and support," "Team Snapchat" wrote in a company blog post Thursday.

The post also announced that its has released an update to the app that is supposed to protect users from future hacks.

Snapchat CEO Evan Spiegel has been criticized for not immediately apologizing when it was first revealed on Dec. 31 that hackers released millions of users' names and phone numbers. ....
 

De Master Yoda

Emeritus
Snapchat settles charge it deceived users.

Alert here: http://antifraudintl.org/showthread.php?77188-Self-destructing-photo-app-keeps-deleted-images-in-hidden-file&p=217389&highlight=snapchat#post217389

UPDATE:
https://au.finance.yahoo.com/news/snapchat-settles-charge-deceived-users-224125678.html

Snapchat settles charge it deceived users
AAPAAP – 4 hours ago

US regulators have announced a deal with Snapchat to settle a charge that the internet firm misled users into believing images sent over the popular phone application disappeared permanently.

Terms of the proposed settlement include Snapchat ramping up privacy and security at its popular self-destructing messaging service and having an independent monitor track its efforts for the next 20 years.

The Southern California-based service gained notoriety for the app that lets people send smartphone photos or video snippets timed to self-destruct 10 seconds or less after being opened.

Snapchat rocketed to popularity after the app was released in September 2011. Its growth initially sparked fears that in a world of selfies, it would provide a false sense of security for teenagers thinking of sexting risque photos.

The US Federal Trade Commission said it had launched an investigation into whether Snapchat was not up front about how much data it collected from users, how well it protected them, and whether disappearing messages could be copied or resurrected.

"If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises," FTC chairwoman Edith Ramirez said.

An FTC complaint charged that Snapchat misled users on several fronts, including how "ephemeral" smartphone pictures or video snippets, referred to as "snaps", actually are.

Snapchat boasted of letting people send images that "disappear forever" seconds after being viewed by recipients, neglecting to inform users there are ways people can save pictures indefinitely, the FTC says.

People who get snaps can use third-party applications to save images, grab screen shots, or even just take another picture using a camera.

Concerns expressed by regulators included the extent to which snaps could be erased after viewing; how well Snapchat lets senders know when messages intended for destruction were saved, and how open it is about information it collects from users.

The FTC complaint contended that Snapchat gathered contact information from address books of people accessing the service form iPhones, iPads, or iPods without telling them.

Regulators blamed Snapchat's failure to effectively secure a Find Friends feature for allowing hackers to breach its database and steal user names and phone numbers of about 4.6 million users.

No fines were announced, but Snapchat could be hit with financial penalties if it doesn't stick with the conditions it agreed to in the settlement, the FTC says.
 
Top