Many people see Snapchat as one of the four horsemen of a coming tech-pocalyse, a bubble burst that will make the "Dot Com" collapse look like a minor ripple. It's an app, worth $3 billion or so, that does one simple thing: it allows you to send and receive self-destructing pictures to each other.
Typically, that means snapshots of naughty bits.
It's allegedly worth the money because of its immense popularity. Will this massive hack, of 4.6 million usernames and phone numbers, harm that popularity? Will users still send selfies when their service provider failed to patch a known security flaw that they knew about for months? And should you, avid Snapchatter, be worried?
Right around Christmas time, security researchers, from the Gibson Security team, posted details of two security flaws that they discovered with Snapchat. They claimed that they reported their findings to Snapchat months before, but the exploits, which make it possible to dig out usernames and phone numbers, or to create masses of dummy accounts, were not addressed.
Snapchat responded with a blog post that admitted that such an exploit was possible, but that it was no big deal. Days later, some unidentified hacker proved that it was a big deal, and that hacking the database was a snap (zinger!), by pulling 4.6 million usernames and phone numbers off of the database. He/she/it then posted the data online, with the last two digits of each phone number obscured.
The hacker (or hackers) claims that the deed was done to push Snapchat to fix its security, yet he or she (or they) are also offering the uncensored version of the database for sale to interested parties, reports The Verge.
How Does This Effect You?
Do you use Snapchat? How about your children? The app is huge amongst teens. You can use Snapcheck.org to see if your phone number is part of the leak.
The good news is, no passwords were hacked or leaked. Hopefully, this means no one will be sneaking into your account and using that new replay feature to view old naughty pics. The real threat is dummy accounts and spam. Sending someone a snap is as simple as entering their phone number and/or username. Spammers, who have access to the entire list, can theoretically send self-destructing snaps to 4.6 million people. And unlike email, the recipient is almost guaranteed to open an incoming picture message.
The Real Loser
Snapchat. The $3 billion app, with no revenue stream, whose entire valuation is based on its massive user base, just ignored security flaws that it allegedly knew about for months. Add that new feature, that allows you to resurrect old snaps, and the app loses a lot of its luster. After all, the appeal of Snapchat is secure, temporary picture messaging. Now, it seems, that it is neither.
Want more? Follow us on LinkedIn.
- Snapchat hacked days after being warned it could be hacked (Los Angeles Times)
- Pres. Obama's Twitter Account Hacked: Is Anyone Completely Safe? (FindLaw's Technologist Blog)
- LexisNexis, Kroll, D and B Hacked by Identity Thieves (FindLaw's Technologist Blog)
- FindLaw's Legal Technology Center (FindLaw)