data breach

Snapchat Breach: What to Know, What to Do

As you may have heard, Snapchat suffered a data breach on Tuesday, reportedly exposing 4.6 million user names and phone numbers and hosting them on SnapchatDB.info. For some time, security

Katherine Boucher
January 3, 2014

As you may have heard, Snapchat suffered a data breach on Tuesday, reportedly exposing 4.6 million user names and phone numbers and hosting them on SnapchatDB.info.

Photo Credit: Mashable.com

For some time, security professionals have been skeptical about the security, or lack of security, with the popular app and voiced it to Snapchat. So it may or may not be a surprise that this type of breach has occurred.

According to Kaspersky Lab Principal Security Researcher, Roel Schouwenberg, the attackers in the Snapchat incident made full use of the Snapchat API and were able to retrieve usernames by guessing phone numbers.

“Given the ease of the attack and the amount of time that it’s been known for, about half a year, it’s a pretty safe bet to assume at least all the U.S. phone numbers have been tried and mapped,” Schouwenberg said.

So what exactly could the attackers do with this information? Schouwenberg said that the frequent re-using of usernames could provide the opportunity for secondary attacks. “If the attacker is able to craft a profile of the target they could then use the collected phone number to pretend they’re the bank. Alternatively the phone number could be used in a phishing message to give the message extra credibility. These are just a few small examples. There are a lot of possibilities for the attackers so it’s important to be vigilant, especially as the information that’s out there can’t be easily changed. A credit card compromise is inconvenient, but ultimately a card is easily replaced. The same doesn’t apply to a phone number.”

A credit card compromise is inconvenient, but ultimately a card is easily replaced. The same doesn’t apply to a phone number.

If you are a Snapchat user, Schouwenberg offers the following advice, “Most importantly this should serve as another reminder that people should have very little expectations of anonymity online. It’s definitely a lot easier finding out someone’s real identity when you have their phone number. Therefore always try to use unique usernames.”

Mashable also provided a link for a website that lets you know if your email address was taken.

According to USA Today, Snapchat says it plans to release a new version of the app that will allow users to opt out of the ‘Find Friends’ feature, which was exploited by the hackers.

Security Forecast 2014

In 2014 we expect significant growth in the number of threats related to economic and domestic cyber-espionage, with cyber-mercenaries/cyber-detectives playing an active role in such attacks. The full report is

Free Tools

TARGETED SECURITY SOLUTIONS

INDUSTRIES

Snapchat Breach: What to Know, What to Do

What is the cost of a data breach?

Equifax hacked — what can you do?

Security Forecast 2014

Tips

Advertisers sharing data about you with… intelligence agencies

Watch the (verified) birdie, or new ways to recognize fakes

Switching to Kaspersky: a step-by-step migration guide

Is it the boss – or is it a fraudster? Scams disguised as urgent orders from top brass

Sign up to receive our headlines in your inbox

Home Products

Small Business Products

Medium Business Products

Enterprise Solutions

Securelist

Eugene Personal Blog

Encyclopedia