Snapchat and Target: Hacked!
On Dec. 19, the Minneapolis-based retail giant, Target, announced that it had fallen victim to a security breach. The breach affected customers who had shopped from Nov. 27 to Dec. 15 and put them at risk for having their credit card number and CVV code compromised, although according to PCMag.com, the pin numbers were kept safe.
Thirteen unlucky days later, the up-and-coming social media app, Snapchat, was attacked, with 4.6 million usernames and phone numbers being put online for download. While not much about the Target leak is known other than that the problem has been fixed, Snapchat continues to face problems as the hackers are claiming to be making a political statement.
On Aug. 27, 2013, a student-run security group named Gibson Security tried to warn Snapchat that they didn’t have a secure enough system. Fast forward to Christmas Eve, eight days before the attack, Gibson did a follow-up warning saying that Snapchat’s Find Friends feature wasn’t secure and put its users at risk of an attack.
Snapchat responded to Gibson’s warning on Dec. 27 in a blog post on their website. “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
Less than a week later, that’s exactly what happened when a group of anonymous hackers took 4.6 million phone numbers hostage, regardless of any new safety features Snapchat may have implemented.
Target was attacked under very different circumstances. No one knew of the attack until the problem had been identified and fixed by Target, who was quick to apologize, provide assistance, and offer a ten percent off discount at their stores that ran from Dec. 21 to Dec. 22.
Unfortunately, according to PCMag.com, Target has failed to identify their culprit thus far.
Snapchat faces an entirely different beast, as the company has failed to apologize to their users and seems to be dealing with much more politically inclined hackers.
While the culprit of the Snapchat case hasn’t been identified specifically, they are loud and proud of what they have done. The numbers are available for download at SnapchatDB.info, but according to the hackers, the last two numbers have been blurred out to protect the identities of the users. This hack apparently is supposed to serve as a warning to any company that has access to a wealth of user’s personal information.
The hackers released a statement supposedly justifying their efforts. “This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.”
The previously mentioned Gibson Security group has stayed on the case. On a website called lookup.gibsonsec.org, they are providing a service that Snapchat users can type their usernames into to see if their information was compromised.