Snapchat Knew It Was Vulnerable To Hackers In August But Denied There Was A Problem
4.6 million customer usernames and phone numbers. Given that Snapchat's entire reason for being revolves around security - it's a safe way to send a photo or a message that no one else will see because the message permanently deletes itself after it is viewed - security breaches are Snapchat's worst nightmare.
The vulnerability in Snapchat was revealed to Snapchat back in August by Gibson Sec, a group of white hat (i.e. "good guy") students interested in hacking and security. Gibson Sec had discovered that it was able to access Snapchat's API, which is like the front door to the Snapchat platform. Gibson Sec warned Snapchat that it was vulnerable to anyone else who could be bothered to do the same thing, but Gibson Sec says Snapchat ignored their warnings.In an attempt to force Snapchat into action, Gibson Sec published details of the vulnerability on Christmas Day.
Two days later, on Dec. 27, Snapchat made its first statement on the matter, and basically denied that user names and phone numbers were up for grabs by hackers. It came in a blog post titled, "Finding Friends with Phone Numbers." That title, of course, is incredibly misleading. Something like "Warning to users about security breach" would have been more useful.In the rest of the post, Snapchat describes how it believes that your phone numbers are not vulnerable to hackers: We don't display the phone numbers to other users and we don't support the ability to look up phone numbers based on someone's username.
Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.
Not quite.As if to prove Snapchat wrong, four days later, on Jan. 31, hackers published 4.6 million user names and phone numbers publicly. You can use this site to see if your name is on the hacked list.
And still Snapchat hasn't given its users any advice on what to do if they believe their info is vulnerable. Nor has it reassured users about whether they are in any danger. So far, it looks as if there is little danger from hackers knowing your phone number but ... who knows?
If you dig around in Snapchat's support site, you do get this advice:For security reasons, it is currently not possible to change the username for an existing account. If you wish, you may delete your account and create a new one.
Snapchat is a very young company, a startup. So we must expect it to make mistakes. And it is not Snapchat's fault that it has been hacked - that is the fault of the hackers.But CEO Evan Spiegel needs to learn that there is more to running a startup than just coming up with cool new features for your app and putting the phone down on Mark Zuckerberg: Security is the heart of the Snapchat offering.
Lose that, and the whole business is toast.
- Here’s how to recharge your Reliance Jio on WhatsApp
- India may classify Bitcoin as an asset class, but that may not solve the underlying problem
- Facebook rolls out new chat themes and payment options in Messenger app for US users
- Dodla Dairy's ₹520 crore IPO isn't to expand into new markets but to strengthen its foothold where it already exists
- Sun TV Network's advertising revenue shrinks, but profit jumps 11% on subscriptions