An Interest In:
Web News this Week
- April 26, 2024
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
Some of Our Sources
- BoingBoing
- Web Designer Wall
- Joshua Blankenship
- Abduzeedo
- TutsPlus - Design
- Inspiredology
- FanExtra - PSD
- My Ink Blog
- Fudge Graphics
- Wal You
Help Webnuz
Referal links:
January 3, 2014 04:21 am GMT
Snapchat has released an official post about the recent leak of 4.6M usernames and phone numbers from its servers. The post blames what it says was ‘abuse’ of its API on the leak, but acknowledges that the way that it stores the information made it possible for a database of numbers to be used to sniff out usernames and match them up. Changes will be made to both Snapchat’s apps and the service in order to prevent future leaks. Snapchat says that it was notified of the possible security risk in August and took some steps to correct it including limiting the speed at which its API could be queried. In what is one of the most cringe-worthy security moves in recent memory, Snapchat posted a responselate last month to claims of risk that outlined just how a hacker might be able to match usernames to phone numbers. In the post, they said “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way.” That is exactly what the group behind the leaked SnapchatDB.info database says that they did. The result was a trove of 4.6M Snapchat accounts matched up with usernames and phone numbers. Despite partially redacted phone numbers and usernames, matched conveniently in an online repository, Snapchat says that “no other information, including Snaps, was leaked or accessed in these attacks.” Notably, Snapchat’s public response to this hackingdoes not include an apology of any sort to its users who have had their user names or phone numbers publicly exposed. Perhaps its an effort to avoid an admission of guilt, but it still feels like a bad effort. The person(s) responsible for releasing the names and numbers told Techcrunch that “raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.” The group says that they were following the research of Gibson Security, who gave a detailed account of how such an exploit could be accomplished to ZDNetin late December. The researches came forward after they say that they approached Snapchat and
Original Link: http://feedproxy.google.com/~r/Techcrunch/~3/0v2CmFtoTSs/
Snapchat Says Its Improving Its App, Service To Prevent Future User Data Leaks
Snapchat has released an official post about the recent leak of 4.6M usernames and phone numbers from its servers. The post blames what it says was ‘abuse’ of its API on the leak, but acknowledges that the way that it stores the information made it possible for a database of numbers to be used to sniff out usernames and match them up. Changes will be made to both Snapchat’s apps and the service in order to prevent future leaks. Snapchat says that it was notified of the possible security risk in August and took some steps to correct it including limiting the speed at which its API could be queried. In what is one of the most cringe-worthy security moves in recent memory, Snapchat posted a responselate last month to claims of risk that outlined just how a hacker might be able to match usernames to phone numbers. In the post, they said “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way.” That is exactly what the group behind the leaked SnapchatDB.info database says that they did. The result was a trove of 4.6M Snapchat accounts matched up with usernames and phone numbers. Despite partially redacted phone numbers and usernames, matched conveniently in an online repository, Snapchat says that “no other information, including Snaps, was leaked or accessed in these attacks.” Notably, Snapchat’s public response to this hackingdoes not include an apology of any sort to its users who have had their user names or phone numbers publicly exposed. Perhaps its an effort to avoid an admission of guilt, but it still feels like a bad effort. The person(s) responsible for releasing the names and numbers told Techcrunch that “raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.” The group says that they were following the research of Gibson Security, who gave a detailed account of how such an exploit could be accomplished to ZDNetin late December. The researches came forward after they say that they approached Snapchat andOriginal Link: http://feedproxy.google.com/~r/Techcrunch/~3/0v2CmFtoTSs/
Share this article:
Tweet
View Full Article
Techcrunch
TechCrunch is a leading technology blog, dedicated to obsessively profiling startups, reviewing new Internet products, and breaking tech news.More About this Source Visit Techcrunch