It is the very beginning of 2014 and it seems that privacy and security will be The Question and Issue of the year. With the revelation from former NSA contractor, Edward Snowden, we discovered that users’ data had become the 21st century treasure. Therefore the question is: who can we trust? What are companies doing with their users’ data? How do they protect it? Do they give it all to institutions of surveillance like the National Security Administration? Some hackers decided to make those questions a priority using their own very way.
Last Tuesday more than four-and-a-half million Snapchat usernames and phone numbers leaked online after anonymous hackers posted the information on a website called SnapchatDB.info. The whole Snapchat security story started when Gibson Security, a security firm, highlighted the flaw in August 2013 and again on 25th December. Snapchat acknowledged in a blogpost that “it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames” but that measures had been implemented to protect users’ data”. Unfortunately for Snapchat, that is what hackers used to breach the company’s security.
According to their statement, the SnapchatDB hackers were compelled to take “the necessary steps to secure user data” because of Snapchat’s reluctance to do it properly”. Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does,” the hackers said. “We hope to see that Snapchat patches the exploit, and patches it well this time … Especially after seeing the magnitude of attention that our leak received, we think that Snapchat will be targeted by other groups if they don’t safeguard user security. We expect Snapchat to roll out a proper patch and notify their users and assure them that they will be more careful with their private information from now on.” According to their statement, the SnapchatDB hackers were compelled to take action because of Snapchat’s reluctance to take “the necessary steps to secure user data”.
The other big example is the cyber-attack launched against Skype’s security by the Syrian Electronic Army (SEA). They managed to hack Skype’s Twitter account, Facebook page and Blog. The reason behind this hack was again due to Snowden’s revelation. Documents from the NSA’s PRISM program apparently indicated that the secretive agency could spy on Skype audio and video calls thanks to backdoor access. Interestingly, in October, it was reported that the messaging and calling service was under investigation in Luxembourg over suspected links to the NSA. A month later, the country’s data protection authority cleared both Microsoft and Skype of any violations.
The SEA gained controlled of Skype’s twitter account to denounce some of the company inappropriate activities. Its message: end spying on the public.
The group gained also access to Skype’s Facebook account.
And finally here is what users could read on Skype’s Blog:
Tech Crunch – The Syrian Electronic Army Rings In The New Year By Hacking Skype’s Social Media Accounts
Mashable – 4.6 Million Snapchat Usernames and Phone Numbers Leaked
Tech Crunch – Snapchat Says It’s Improving Its App, Service To Prevent Future User Data Leaks
The Next Web – Snapchat responds to hack by promising app update to let you opt out of its Find Friends feature