HACKERS SWIPED credentials from more than 50,000 Snapchat users in a phishing attack last year that has just come to light.
Last July, according to The Verge, Snap’s director of engineering Chad DePue sent an email around the company noting a threat against its user’s privacy had been flagged by a government official in Dorset.
Apparently, a website called phishing klkviral.org had published a list of credentials, including usernames and passwords for 55,851 Snapchat accounts.
While not all of the account credentials were legitimate, Snap still rushed to resent the passwords of thousands of Snapchat users. Yet, for an undisclosed amount of time, those users had their Snapchat account credentials exposed to anyone who caught a glimpse at the list.
Naturally, this was a serious case of cybersecurity borkage, with the attack apparently relying on users to click a link sent to them through a compromised Snapchat account which presented them with a fake login in screen that hoovered up their credentials once they were entered.
The attack seems to have stemmed from a previous cybersecurity incident Snapchat encountered that is believed to have been coordinated from the Dominican Republic, The Verge reported.
“We are very sorry when anyone is tricked by phishing,” a Snap spokesman said.
“While we can’t prevent people from sharing their Snapchat credentials with third parties, we do have advanced defences to detect and prevent suspicious activity. We encourage Snapchatters to always use strong passwords, enable login Verification, and never use third-party apps or plugins.”
Social media and app firms generally scan links for signs of phishing and other security-breaching nasties. But despite its use of machine learning tech and its record for blocking malicious links, it would appear that there have been some security slip-ups on Snap’s end.
You may wonder why anyone would want the credentials of Snapchat users, who according to our very basic research tend to be teenagers or so-called Instagram models looking to attract followers by snapping scantily clad pics with superimposed dog ears and animated tongue.
But aside from wreaking havoc, compromised Snapchat accounts could be used to extract recycled passwords and usernames from other sites, conduct social engineering on other users who might think they are Snapchatting to a friend and not a cyber deviant, or exploit Snapchat’s new Snapcash money sending feature, currently only available in the US.
Taking precautions with mobile and social app security can help mitigate such problems, but a lack of vanity or having the face of a soundly downtrodden troll, thereby keeping you away from Snapchat and similar apps can also help. µ
Source : Inquirer