
Threatwatch

4.6 million Snapchat accounts exposed

Data dump; Software vulnerability

The release of personal information stored by the text messaging service followed repeated warnings by researchers about vulnerabilities in its database.

On Jan. 2, two days after the hack, officials at Snapchat, a provider of self-destructing communications meant to protect privacy, acknowledged in a blog post that “an attacker released a database of partially redacted phone numbers and usernames.”

Officials claimed that “no other information, including Snaps, was leaked or accessed in these attacks.”

The hacker dumped the credentials on a site called SnapchatDB.info. In a statement to TechCrunch, the site’s operators said they extracted and posted the credentials to promote cybersecurity.

“Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does,” they stated.

ZDNet first reported last month that Gibson Security researchers published Snapchat code allowing mass matching of phone numbers with names, after Gibson disclosed the flaw to the company in August and did not see adequate fixes.

“Even long after that disclosure, Snapchat was reluctant to taking the necessary steps to secure user data,” SnapchatDB.info told TechCrunch after the New Year’s hack. “Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough.”

The hackers said they performed the release in a way that should minimize spam and abuse. They censored the last two digits of the phone numbers but said they might still release the unfiltered data.

Now, Snapchat officials say they will attempt to ensure researchers can reach the company in the event this happens again.

“We want to make sure that security experts can get ahold of us when they discover new ways to abuse our service so that we can respond quickly to address those concerns. The best way to let us know about security vulnerabilities is by emailing us: security@snapchat.com,” their blog post states. 

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.

Sector: Social Media

Reported: January 1, 2014

Reported by: TechCrunch

Number affected: 4.6 million user accounts

Location of breach: Unknown

Perpetrators: Hacktivists

Location of perpetrators: Unknown

Date breach occurred: Unknown

Date breach detected: December 31, 2013
