
Tuesday, April 15, 2014         


Snapchat suffers security breach

By Barbara Ortutay

AP Technology Writer

POSTED:
LAST UPDATED: 12:38 p.m. HST, Jan 02, 2014


NEW YORK » Snapchat, the disappearing-message service popular with young people, has been quiet following a security breach that allowed hackers to collect the usernames and phone numbers of millions of its users.

Company spokeswoman Mary Ritti said this morning that the company is assessing the situation, but did not have further comment.

As Americans rang in the New Year, hackers reportedly published 4.6 million Snapchat usernames and phone numbers on a website called snapchatdb.info, which has since been suspended. The breach came less than a week after security experts alerted Snapchat to a vulnerability in its system and warned that an attack could take place.

In response to the warning, Snapchat said in a blog post last Friday that it had implemented "various safeguards" over the past year that would make it more difficult to steal large sets of phone numbers. But the measures appear to have fallen short.

The incident bruises the image of a young company that reportedly turned down a $3 billion buyout offer from Facebook last year. According to the Pew Research Center's Internet & American Life Project, 9 percent of U.S. cell phone owners use Snapchat, which amounts to roughly 20 million adults, based on 2012 census data. The Pew study didn't include users under 18, a demographic with which Snapchat is especially popular. The Los Angeles-based company, which has no source of revenue, has not disclosed its own user figures.

What should users do? Gibson Security, the firm that warned Snapchat of the security vulnerability on Dec. 25, has created a site, http://lookup.gibsonsec.org/, that lets users type in their username to see if their phone number was among those leaked. Of two user accounts that The Associated Press checked, one was found to have been compromised.

Gibson Security did not publish the last two digits of the phone numbers.

Gibson says users can delete their Snapchat account if they wish, but "this won't remove your phone number from the already circulating leaked database." Users can also ask their phone company to give them a new phone number.

"Lastly, ensure that your security settings are up to scratch on your social media profiles. Be careful about what data you give away to sites when you sign up — if you don't think a service requires your phone number, don't give it to them," Gibson said.

This was Gibson's second warning to Snapchat, following one in August that the security firm said was ignored.

"Given that it's been around four months since our last Snapchat release, we figured we'd do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them)," Gibson wrote on the Gibson Security website.

The Snapchat breach comes just two weeks after Target was hit with a massive data security breach that affected as many as 40 million debit and credit card holders. Gartner security analyst Avivah Litan said phone numbers are not considered "sensitive" personally identifiable information (such as credit card or Social Security numbers), so they are collected by all sorts of companies to verify a person's identity.

A phone number is "not as bad as password or magnetic strip information, but it's the piece of the puzzle that criminals need to impersonate identities," she said.

Regarding Snapchat's response to the warnings, however, Litan added that it "doesn't seem that responsible to be so nonchalant about it."

Christopher Soghoian, principal technologist with the American Civil Liberties Union, agreed.

"The main problem was that they ignored a responsible report by security researchers," he said, adding that his concern is not with the specific database of information that was released, but that Snapchat has "demonstrated a cavalier attitude about privacy and security."

Many people use Snapchat because it feels more private than other messaging apps and social networks. Users can send each other photos and videos that disappear within a few seconds after they are viewed. While the recipient can take a screenshot of the message, a big draw of Snapchat is its ephemeral nature.

"This probably won't be the last problem with Snapchat," Soghoian said. Companies like Microsoft and Google, he added, actively court security researchers and even pay bounties for people to expose flaws in their systems.

"Snapchat may be too small to pay bounties, but they certainly should be treating researchers with respect and addressing issues as soon as they are told about them," he said.








COMMENTS
(2)
Jerry_D wrote:
Hahahaha! I wonder how this is going to affect SnapChat's value? Dumb@ss cocky kids should have sold this to Facebook and become instant BILLIONaires when they had the chance.
on January 2, 2014 | 10:58AM
GONEGOLFIN wrote:
I do not trust any of these e-companies any further than I can spit. They can keep their Facebooks, Twitters, SnapChat......too much potential for fraud representation as evidenced by the recent reports and thefts (i.e., Target). It is only a matter of time before a whole collapse of our financial market and infrastructure of our world is compromised by these hackers and fraudsters.
on January 2, 2014 | 11:25AM