Snapchat, Skype each ring in the new year with a hack
Two major tech companies started out the new year with new cybersecurity bungles. On Tuesday night, Snapchat was hacked, leading to a leak of millions of users鈥 information, and on Wednesday Skype鈥檚 social media accounts and blog were hacked by the Syrian Electronic Army (SEA).
Late on Tuesday night hackers accessed and posted 4.6 million Snapchat usernames and phone numbers to a downloadable database called Snapchat.DB, . As of Wednesday morning the database was taken off-line.
Those behind Snapchat.DB the attack was meant to highlight Snapchat鈥檚 vulnerabilities and reprimand the service for not being more scrupulous with user privacy.
听
"Even now the exploit persists," said the anonymous person or persons behind Snapchat.DB, in a statement. "It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent."
Snapchat was initially warned of an attack as early as a week ago, when an online security firm alerted the tech company of potential vulnerabilities. Snapchat on Dec. 27 that warned users about this issue, but it insisted the company was working to patch the weak spots.
So who is affected by the hack? If you elected to include your phone number in your Snapchat account, it could be you. The 鈥淔ind Friends鈥 feature of the instant photo-messaging service offers a way for people to create new Snapchat contacts through uploading a user's address book to the service in order to see if the user鈥檚 phone contacts also have the service. If a user added his or her phone number to Snapchat, that user is searchable by that phone number, and could have been vulnerable in the attack.
The security group that alerted Snapchat to the attack, Gibson Security, saying that though there isn鈥檛 a way to take your phone number off the database, users can delete their Snapchat account or request a new phone number from their phone company. It also compiled the usernames affected in the attack, so you can see if your data was breached through its site.
Snapchat explains in the initial blog post that information is not normally accessible. 鈥淲e don鈥檛 display the phone numbers to other users and we don鈥檛 support the ability to look up phone numbers based on someone鈥檚 username,鈥 it says.
But Snapchat wasn鈥檛 the only one dealing with security issues as revelers rang in 2014. On Wednesday, the Twitter account of Microsoft-owned video calling service Skype was hacked by SEA allegedly in retaliation for Microsoft鈥檚 collaboration with the National Security Agency.
Throughout Wednesday, @Skype displayed messages warning Microsoft users of surveillance.
鈥淒on鈥檛 use Microsoft emails(hotmail,outlook),They are monitoring your accounts and selling the data to the governments.More details soon #SEA,鈥 read the @Skype account at 1:34 pm EST on Wednesday, . The Skype Facebook page as well as a page of the company鈥檚 blog also displayed similar messages.
By 8 p.m., Microsoft released a statement that accounts were back under control.
This is an unexpected target for the hacking collective, which supports Syrian President Bashar al-Assad, as previously they have hacked into the websites of news outlets they deem supportive of the Syrian rebellion.
