Snapchat Hack! 4.6 Million Users Exposed
Snapchat, the relatively new picture-sharing platform, is the latest company to have its security breached, with 4.6 million usernames and phone numbers exposed. Another site, SnapchatDB.info, has made this confidential information available for download.
The folks behind SnapchatDB say they hacked Snapchat to show that the service has security issues.
“It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does,” reads a statement from the hacker site. (via TechCrunch)
“We used a modified version of gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to take the necessary steps to secure user data,” the statement continues.
Indeed, there was a story on ZDNet just the week before, reporting that Gibson Security had discovered the security hole that would allow for “mass matching of phone numbers with names and mass creation of bogus accounts.” The article says the issue was revealed back in August and could be fixed “with 10 lines of code.”
Snapchat initially responded to the Gibson findings with a blog post that ended with:
“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
Now that an attack has actually happened, the company hasn’t said anything. Curious.
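To make the "huge set of phone numbers" problem concrete, here is an added example (not code from Snapchat, Gibson Security or the sources quoted above) of one possible server-side safeguard: a per-account budget on distinct phone numbers looked up per time window, rather than on the number of requests. The class and function names, the thresholds, the account names and the phone numbers are all constructed for illustration, and the article does not say what the actual fix was.

```python
from collections import defaultdict


class LookupBudget:
    """Caps the distinct phone numbers one account may look up per window.

    Counting numbers rather than requests matters: a single request can
    carry an entire area code's worth of numbers.
    """

    def __init__(self, max_numbers=500, window_seconds=3600):
        self.max_numbers = max_numbers
        self.window = window_seconds
        self._seen = defaultdict(dict)  # account -> {number: first-seen time}

    def allow(self, account, numbers, now):
        seen = self._seen[account]
        cutoff = now - self.window
        # Forget numbers whose first lookup has aged out of the window.
        for number in [n for n, ts in seen.items() if ts <= cutoff]:
            del seen[number]
        # Re-syncing the same address book costs nothing extra.
        new = set(numbers).difference(seen)
        if len(seen) + len(new) > self.max_numbers:
            return False  # refuse the whole request, reveal no matches
        seen.update((n, now) for n in new)
        return True


def replay(budget, requests):
    """Run (time, account, numbers) requests through the budget."""
    verdicts = defaultdict(lambda: {"allowed": 0, "refused": 0})
    for now, account, numbers in requests:
        key = "allowed" if budget.allow(account, numbers, now) else "refused"
        verdicts[account][key] += 1
    return dict(verdicts)


def sample_requests():
    """Constructed traffic: one address-book sync and one range walk."""
    address_book = [f"+1555{n:07d}" for n in range(120)]
    requests = [(0, "ordinary_user", address_book),
                (600, "ordinary_user", address_book)]
    # bulk_account submits 200 consecutive numbers per request, once a minute.
    for i in range(10):
        start = 1000 + i * 200
        batch = [f"+1555{n:07d}" for n in range(start, start + 200)]
        requests.append((60 * i, "bulk_account", batch))
    return sorted(requests, key=lambda r: r[0])
```

In the constructed traffic the ordinary user's repeated sync is never refused, while the account walking a number range is cut off after its second batch.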
Two lessons from this incident. First, we’ve gotten to the point where we should take a closer look at the security setup of an app or new social media platform before jumping all over it. We all now have at least two accounts somewhere on social media, so we shouldn’t be in such a rush to add another. Learn a little, let the early adopters and critics take a whack at it, and then join if you like.
Second, as we’ve said a few times before, learn how to code! This is a skill that is proving itself to be increasingly important and demand will only rise.