Snapchat, Skype each ring in the new year with a hack
Two major tech companies started out the new year with new cybersecurity bungles. On Tuesday night, Snapchat was hacked, leading to a leak of millions of users’ information, and on Wednesday Skype’s social media accounts and blog were hacked by the Syrian Electronic Army (SEA).
Late on Tuesday night hackers accessed and posted 4.6 million Snapchat usernames and phone numbers to a downloadable database called Snapchat.DB, according to The Verge. As of Wednesday morning the database was taken off-line.
Those behind Snapchat.DB told The Washington Post the attack was meant to highlight Snapchat’s vulnerabilities and reprimand the service for not being more scrupulous with user privacy.
"Even now the exploit persists," said the anonymous person or persons behind Snapchat.DB, in a statement. "It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent."
Snapchat was initially warned of an attack as early as a week ago, when an online security firm alerted the tech company of potential vulnerabilities. Snapchat wrote a blog post on Dec. 27 that warned users about this issue, but it insisted the company was working to patch the weak spots.
So who is affected by the hack? If you elected to include your phone number in your Snapchat account, it could be you. The “Find Friends” feature of the instant photo-messaging service offers a way for people to create new Snapchat contacts through uploading a user's address book to the service in order to see if the user’s phone contacts also have the service. If a user added his or her phone number to Snapchat, that user is searchable by that phone number, and could have been vulnerable in the attack.
The security group that alerted Snapchat to the attack, Gibson Security, released a statement saying that though there isn’t a way to take your phone number off the database, users can delete their Snapchat account or request a new phone number from their phone company. It also compiled the usernames affected in the attack, so you can see if your data was breached through its site.
Snapchat explains in the initial blog post that information is not normally accessible. “We don’t display the phone numbers to other users and we don’t support the ability to look up phone numbers based on someone’s username,” it says.
But Snapchat wasn’t the only one dealing with security issues as revelers rang in 2014. On Wednesday, the Twitter account of Microsoft-owned video calling service Skype was hacked by SEA allegedly in retaliation for Microsoft’s collaboration with the National Security Agency.
Throughout Wednesday, @Skype displayed messages warning Microsoft users of surveillance.
“Don’t use Microsoft emails(hotmail,outlook),They are monitoring your accounts and selling the data to the governments.More details soon #SEA,” read the @Skype account at 1:34 pm EST on Wednesday, according to screenshots by NBC News. The Skype Facebook page as well as a page of the company’s blog also displayed similar messages.
By 8 p.m., Microsoft released a statement that accounts were back under control.
This is an unexpected target for the hacking collective, which supports Syrian President Bashar al-Assad, as previously they have hacked into the websites of news outlets they deem supportive of the Syrian rebellion.
