Snapchat, Skype security breach reported
BY NANCY BLAIR AND BRETT MOLINA Gannett News Service January 1, 2014 11:28PM
A pair of popular tech services, Snapchat and Skype, are having a difficult start to the New Year.
Several million usernames and phone numbers for the mobile messaging service Snapchat were apparently leaked online late Tuesday night.
Several outlets including The Verge reported that 4.6 million usernames and phone numbers were posted as a downloadable database by so-far anonymous hackers. The site where the database was posted appeared to be down on Wednesday morning.
Snapchat warned of this potential scenario days before in a blog post, saying a security group had alerted it about a potential vulnerability “by which one could compile a database of Snapchat usernames and phone numbers.”
Snapchat is a popular messaging app that lets users send each other photos that quickly disappear.
In its blog post of Dec. 27, Snapchat described how its Find Friends feature allows users to upload their contact lists to Snapchat as a way of linking up friends.
The company said it had implemented safeguards making an exploit “more difficult to do.”
Meanwhile, the official blog and social network accounts for Microsoft’s Web calling service Skype appear to have been breached.
A post published Wednesday on the official Skype blog featured the headline, “Hacked by Syrian Electronic Army . . . Stop Spying!”
Two tweets attributed to the SEA were posted on Skype’s official Twitter account. “Stop Spying on People! via Syrian Electronic Army,” reads a portion of one of the tweets. And Skype’s Facebook page hosted the message: “Don’t use Microsoft emails (hotmail,outlook), They are monitoring your accounts and selling it to the governments,” with the hashtag “#SEA.”
The message on Facebook has been deleted, while the company’s blogs redirect visitors to the Skype home page.
Neither Snapchat nor Skype immediately responded to requests for comment.
The breaches are the latest in what has become a growing problem for Web services, retailers and consumers. Last month, Target reported the theft of some 40 million credit and debit cards used in its stores from Black Friday through Dec. 15.
Any website with a large following is a ripe target for cyberthieves as such sites rely more on data and glean more customer information, says Siobhan MacDermott, a leading cybersecurity consultant.
“Snapchat is running and growing at the speed of sound, on a skeleton team, trying to make a big splash in the social market, so it’s unlikely it’s paid much attention to security,” says Steve Wilson, principal analyst at Constellation Research.
Phone numbers are important data for establishing identity at call centers, so they’re valuable to criminals in social-engineering attacks, Wilson says. A criminal with several data sets can use phone numbers to correlate user names to real names and other records, making it easier to assume real-world identities at banks, government agencies, employers and elsewhere.
Zack Fasel of consulting firm Urbane Security says the information found in this database could be used to target users through “malicious e-mails or ‘phishing’ text messages claiming to be from Snapchat.”
Contributing: Jon Swartz