Snapchat is, undeniably, one of the great tech success stories of 2013. The photo sharing app, known for its deletion of photos once viewed, gained so much popularity this past year that Facebook offered the founder an astounding $4 billion to sell—4 times the amount they paid for Instagram back in 2012.
Unfortunately, 2014 may not hold the same promise for Snapchat. As the app has grown, it has already faced a number of security concerns, such as the possibility for users to save pictures sent through the app without a sender’s knowledge. And as we usher in a New Year, it appears as though Snapchat may be facing its biggest obstacle yet—the leak of 4.6 million phone numbers and associated user names. The most interesting thing about this breach? Snapchat ignored all warning signs.
In August, an Australian security research team called Gibson Security published a report detailing a very specific security vulnerability in Snapchat. Through this vulnerability, they said it was possible to hack into the app and extract phone numbers and usernames. Despite bringing this security flaw to Snapchat’s attention, Gibson Security failed to receive a response from the company.
On December 24, 2013, the Gibson researchers decided to take their warning a step further, and published the details of the above-mentioned security vulnerabilities—including code on how to access phone numbers and create loads of dummy accounts for spam purposes. With the information now accessible to anyone with the technical know-how, Gibson Security hoped that Snapchat would address the concerns and ensure that their users’ data be kept secure.
Sure enough, Snapchat responded to Gibson Security on their blog a couple of days later. The post acknowledged that a phone number leak was “theoretically” possible, but said that it had “added additional counter-measures and [would] continue to make improvements to combat spam and abuse.” The response from Snapchat made the security vulnerability seem almost insignificant, as the company brushed off rumors—but failed to release an update for the app.
And then came the leak. On January 1, Snapchat users woke up to the jolting news of a hack—discovering that their phone numbers and user name information may have been posted on a website called SnapchatDB.info. Despite initial panic, it is now known that the phone numbers published were incomplete, as the hackers left off the last two digits of each number they published. The group has since taken down their database.
So why did the hackers behind this massive data dump do it? The individuals claiming to be behind the hack stated to The Verge: “Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed.”
Once again we see an example of “hacking for the greater good.” This is the second time kind-minded individuals have hacked into Snapchat for no other reason than to demonstrate the security vulnerabilities present—and to get Snapchat to act on these vulnerabilities. Despite failing to respond appropriately to these real security threats before they happened, Snapchat appears to be taking this latest breach very seriously. In a blog post published yesterday, Snapchat promised to issue an update preventing anything like this from happening again.
Regardless of Snapchat’s apparent neglect of its own app’s security, smart personal security decisions can help in cases like this, as those who did not link their Snapchat account with their phone number were not affected by the leak. Here are a few additional tips for staying secure while using mobile apps.
- Know your apps before you download. It’s easy to get caught up in the latest app craze and forget about protecting yourself. Be sure you understand all the data that an app is asking for before you download. It pays to be extra cautious when sharing photos, videos, and your phone number. McAfee® Mobile Security will let you know if an app appears to be requesting a disproportionate amount of data.
- Check your privacy settings. Even though Snapchat doesn’t offer much in the way of privacy settings, it’s a good lesson to keep your personal data private when using other social networking apps such as Instagram or Facebook. Smartphones make it easier than ever to share more than ever from your device, but you don’t want to be sharing with the wrong people.
- Look out for app updates. When a company releases a new version of their app, they usually do so for two reasons—to update app features and to fix security issues. Stay on top of your updates and you’ll stay ahead of security flaws, most of the time. As mentioned above, Snapchat intends to release an update to their app that will fix this flaw in security.
- Install comprehensive security software. McAfee LiveSafe™ service can protect your home and mobile devices from security vulnerabilities in all of your apps, and across all of your personal devices (PC and mobile). Install it today to avoid mobile malware, viruses, or other hacking attempts.