It has been revealed that Snapchat has suffered a cyber attack resulting in over 55,000 users being exposed. The phishing attack tricked users into handing over their credentials including passwords, which eventually made their way onto a public website. IT security experts commented below.
Javvad Malik, Security Advocate at AlienVault:
“Attacking the human through phishing or other techniques has remained a constant attack vector over the years. While Snapchat is predominantly a consumer tool, if users have reused credentials, it is possible they can be used to attack corporate accounts. Therefore, user awareness is essential to protect against attacks on both business and personal apps. Furthermore, businesses should invest in controls to be better placed in order to better detect and respond to such attacks when they occur.”
“It’s bad enough if you get hacked and someone steals your logon credentials to use elsewhere, but more and more of these “hacks” are no more than being tricked into logging into a website using your actual username and password - this of course is the same as literally handing over your logon credentials to a stranger; they then use your details for their own nefarious purposes. Often these links or websites look very lifelike and in some instances you could be forgiven for being tricked, but there is an easy way to stop this - by using two- or multi-factor authentication, you could limit any damage caused by being tricked. Yes, of course they have your login and password, but being as though you understand the importance of not reusing any password on other sites, they can do nothing with it because they do not have your authenticator!
Whenever someone tries to log in from an unknown device it asks for a code to validate the user; you generate the code using an app and add this after your username and password, thus proving you as the owner; it’s simple, quick and WILL protect your details from thieves or scammers - and it’s free.”
“The fact that tens of thousands of Snapchat users have had their credentials swiped is hardly surprising as phishing emails catch out millions of people every year. It’s also unsurprising that someone decided to publish those credentials on the web – criminals are always looking to make money or cause mischief, one way or another.
The worrying thing about this news, however, is the fact that many of the published email addresses and passwords will have been used for many different accounts, meaning the victims will be at risk of multiple account hijacks, potentially leaving themselves open to identity theft and other types of fraud.
The obvious solution for victims of this phishing campaign is to change their passwords on all accounts where the same credentials have been used, making sure that they then use a different password for every account this time around.
If that sounds like an extremely tricky proposition, especially considering how many accounts everyone has these days, the simple answer is to use a password manager that can both generate and store as many passwords as required.”