MacNN Forums (http://forums.macnn.com/)
-   Tech News (http://forums.macnn.com/tech-news/)
-   -   Exploit leads to Snapchat hack, 4.6M usernames, numbers published (http://forums.macnn.com/113/tech-news/507096/exploit-leads-snapchat-hack-4-6m/)

 
NewsPoster Jan 1, 2014 05:54 PM
Exploit leads to Snapchat hack, 4.6M usernames, numbers published
A flaw in ephemeral messaging service Snapchat's API has been exploited, and the phone numbers and usernames of some 4.6 million users are now on a site called SnapchatDB.info. <em>The Washington Post</em> <a href="http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/01/a-snapchat-security-breach-affects-4-6-million-users-did-snapchat-drag-its-feet-on-a-fix/">reported</a> on Wednesday</a> on the hack, noting that Snapchat users can look up whether their accounts are among the affected by going to <a href="http://lookup.gibsonsec.org/">this site</a>. The API vulnerability was <a href="http://www.electronista.com/articles/13/12/26/ephemeral.message.service.senders.privacy.potentia lly.in.danger/">publicized last week</a>, and Snapchat later stated that it had made the hack "more difficult to do" in response. <br /><br />The hackers, though, still managed to access millions of user accounts. In a <a href="http://macnn.com/rd/301563==http://techcrunch.com/2013/12/31/hackers-claim-to-publish-list-of-4-6m-snapchat-usernames-and-numbers/?utm_campaign=fb&ncid=fb" rel='nofollow'>statement</a> to <em>TechCrunch</em>, SnapchatDB said the hack was accomplished using a modified version of the previously publicized method. The hackers' motivation, though, was to increase security. <br />
<br />
<div align='center'><img src='http://photos.macnn.com/article_images/1388612932-md-snapchat_oops_1411.png' style='max-width: 100%;' alt='' border='0' pagespeed_url_hash="3888620571"/></div><br />
<br />
"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does."<br />
<br />
Snapchat DB apparently censored the last two digits of the hacked phone numbers in order to minimize spam and abuse. <br />
<br />
While it did reveal no small amount of user information, the breach did not affect Snapchat's primary function. The service allows users to send image and video messages that self-delete a few seconds after they are opened. Security experts, though, say that coded scripts harvesting user data could "automatically build profiles about users, which could be sold for a lot of money."
 
sammaffei Jan 2, 2014 08:48 AM
I guess they should have taken that $3 Billion that Facebook offered them. Now, this exploit makes the service worth far less. D'oh!
 
All times are GMT -4. The time now is 03:38 AM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2016, vBulletin Solutions, Inc.


Content Relevant URLs by vBSEO 3.3.2