How did Snapchat get hacked?

Already, 2014 has started off with a data breach – on New Year’s Day, Snapchat, a popular social network for photo messaging, fell victim to a hack attack. A website called posted the usernames and redacted photo numbers of about 4.6 million people using the service.

And apparently, Snapchat knew for months it had a security hole. In August 2013, a small  Australian security group called “Gibson Security” told Snapchat there were issues, and it published a full account of security vulnerabilities that hackers could potentially exploit – and in this case, did exploit. However, Snapchat didn’t respond to the group until Dec. 28, 2013.

While Gibson Security said it doesn’t have anything to do with SnapchatDB, nor does it condone its actions, one of the members of Gibson Security exchanged emails with Forbes’ J.J. Colao to explain how this happened. Writing anonymously, he or she says their post about the vulnerability indicated it’d be easy enough for hackers to access the social network’s database through its Find Friends feature.

The feature lets users upload their phone’s contacts to Snapchat, making it easier for them to find contacts who are also Snapchat users. It sounds convenient, but if someone uploaded a huge set of phone numbers, like every number in the U.S., it’d be possible to create a database of the results and match usernames to phone numbers – and that may have been what happened.

“With Snapchat responding like it is, it might be the wake up call it needs,” the source said in an email. He or she adds Gibson Security is made up of three friends, students who lack any formal training. But they were still able to upload a huge amount of numbers in just minutes.

“We were able to crunch through 10,000 phone numbers (an entire sub-range in the American number format (XXX) YYY-ZZZZ – we did the Z’s) in approximately seven minutes on a gigabit line on a virtual server,” the group said, adding that hackers could tweak the system to upload 10 million numbers a day, if they so chose.

For more, click the “Original Article Source” link.

Candice So
Candice So
Candice is a graduate of Carleton University and has worked in several newsrooms as a freelance reporter and intern, including the Edmonton Journal, the Ottawa Citizen, the Globe and Mail, and the Windsor Star. Candice is a dog lover and a coffee drinker.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web