It has been revealed that Snapchat has suffered a cyber attack resulting in over 55,000 users being exposed. The phishing attack tricked users into handing over their credentials including passwords, which eventually made their way onto a public website. IT security experts commented below.
Javvad Malik, Security Advocate at AlienVault:
“Attacking the human through phishing or other techniques has remained a constant attack vector over the years. While Snapchat is predominantly a consumer tool, if users have reused credentials, it is possible they can be used to attack corporate accounts. Therefore, user awareness is essential to protect against attacks on both business and personal apps. Furthermore, businesses should invest in controls to be better placed in order to better detect and respond to such attacks when they occur.”
Mark James, Security Specialist at ESET:
“It’s bad enough if you get hacked and someone steals your logon credentials to use elsewhere, but more and more of these “hacks” are no more than being tricked into logging into a website using your actual username and password - this of course is the same as literally handing over your logon credentials to a stranger; they then use your details for their own nefarious purposes. Often these links or websites look very lifelike and in some instances you could be forgiven for being tricked, but there is an easy way to stop this - by using two- or multi-factor authentication, you could limit any damage caused by being tricked. Yes, of course they have your login and password, but being as though you understand the importance of not reusing any password on other sites, they can do nothing with it because they do not have your authenticator!
Whenever someone tries to log in from an unknown device it asks for a code to validate the user, you generate the code using an app and add this after your username and password, thus proving you as the owner; it’s simple, quick and WILL protect your details from thieves or scammers - and it’s free.”
Lee Munson, Security Researcher at Comparitech.com:
“The fact that tens of thousands of Snapchat users have had their credentials swiped is hardly surprising as phishing emails catch out millions of people every year. It’s also unsurprising that someone decided to publish those credentials on the web – criminals are always looking to make money or cause mischief, one way or another.
The worrying thing about this news, however, is the fact that many of the published email addresses and passwords will have been used for many different accounts, meaning the victims will be at risk of multiple account hijacks, potentially leaving themselves open to identity theft and other types of fraud.
The obvious solution for victims of this phishing campaign is to change their passwords on all accounts where the same credentials have been used, making sure that they then use a different password for every account this time around.
If that sounds like an extremely tricky proposition, especially considering how many accounts everyone has these days, the simple answer is to use a password manager that can both generate and store as many passwords as required.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.