Hacky New Year, Snapchat and Skype

Another day another story -- or two -- of the hacking of well-known brands. This time, itEUs Snapchat and Skype. Reports circulated on Tuesday night that as many as 4.6 million Snapchat usernames and phone numbers have been posted online as a downloadable database, apparently by the same hackers who breached the companyEUs security.

By Wednesday morning, the site where the data was posted had been taken down, and the posting said that the information EUwas being shared with the public to raise awarenessEU of a security issue on the site. The last two numbers of the posted phone numbers were EUcensored,EU the hackers said, in order to EUminimize spam and abuse.EU But it invited visitors to EUask for the uncensored database,EU which the hackers said they might release EUunder certain circumstances.EU

Find Friends Feature

The vulnerability in question, made public by security firm Gibson Security, is one the company has known about, as it noted in a post on the official company blog on December 27. It described a Find Friends feature that allows users to upload address book contacts and then find the Snapchat accounts matching the phone numbers in the address book, if the Snapchat accounts have uploaded an optional phone number.

EUTheoretically,EU the posting noted, EUif someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way.EU

In the December 27 posting, the company said it had implemented various safeguards in the past year to make this kind of match EUmore difficult to do,EU but, as evidenced by the posted 4.6 million usernames and phone numbers, apparently not difficult enough.

But, if itEUs any consolation to up-and-coming Snapchat, the venerable technology...

Comments are closed.