
A site called SnapchatDB.info wants Snapchat to address its security flaws

Snapchat got a huge security wake-up call to the tune of 4.6 million accounts being posted and made available for download.

According to TechCrunch, a site called SnapchatDB.info stored usernames and phone numbers for 4.6 million Snapchat accounts. Some believed this was just a hoax in an effort to call Snapchat out on its security, but the hack has been confirmed as the real deal. 

But the intention was still the same: SnapchatDB.info wanted Snapchat to recognize its security flaws and fix them.

"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed," said SnapchatDB.info. "It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does."

SnapchatDB obtained the information through an identified and patched Snapchat exploit. The domain was created just yesterday.



Gibson Security researchers originally let Snapchat know about the potential for hackers to connect usernames and phone numbers in its database, but Snapchat ignored the warning. Gibson Security then published its findings publicly on Christmas Eve.

"We used a modified version of gibsonsec’s exploit/method," said SnapchatDB.info. "Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to take the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent."

Here's what Snapchat has to say:

“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do.”

Source: TechCrunch











Copyright 2017 DailyTech LLC.