2014 Snapchat hack: Difference between revisions
Appearance
Content deleted Content added
No edit summary |
ClueBot NG (talk | contribs) m Reverting possible vandalism by 2606:A000:6957:9D00:D141:75B6:4A9:B592 to version by 0xF8E8. Report False Positive? Thanks, ClueBot NG. (3004290) (Bot) |
||
(12 intermediate revisions by 10 users not shown) | |||
Line 1: | Line 1: | ||
#redirect [[Snapchat#December 2013 hack]] {{R from merge}} |
|||
<!-- Please do not remove or change this AfD message until the issue is settled --> |
|||
{{Article for deletion/dated|page=2014 Snapchat hack|timestamp=20140120155736|year=2014|month=January|day=20|substed=yes|help=off}} |
|||
<!-- For administrator use only: {{Old AfD multi|page=2014 Snapchat hack|date=20 January 2014|result='''keep'''}} --> |
|||
<!-- End of AfD message, feel free to edit beyond this point --> |
|||
{{Infobox news event |
|||
| title = 2014 Snapchat hack |
|||
| image = [[File:Snapchat logo.png|140px]] |
|||
| image_name = |
|||
| image_size = |
|||
| caption = [[Snapchat]] logo |
|||
| date = {{start date|2014|01|01}} |
|||
| time = |
|||
| place = Globally |
|||
| coordinates = <!-- {{coord|LAT|LON|region:XXXX_type:event|display=inline,title}} --> |
|||
| also known as = |
|||
| cause = [[Hacker (computer security)|Hack]] |
|||
| first reporter = |
|||
| filmed by = |
|||
| participants = |
|||
| outcome = Approximately 4.6 million usernames and phone numbers leaked |
|||
| reported injuries = |
|||
| reported death(s) = |
|||
| reported missing = |
|||
| reported property damage = |
|||
| burial = |
|||
| inquiries = |
|||
| inquest = |
|||
| coroner = |
|||
| suspects = |
|||
| charges = |
|||
| verdict = |
|||
| convictions = |
|||
| publication bans = |
|||
| litigation = |
|||
| awards = |
|||
| url = |
|||
| website = http://snapchat.com/ |
|||
| notes = |
|||
}} |
|||
[[Snapchat]], a [[photo sharing|photo messaging]] mobile application, was hacked on January 1, 2014{{dubious|Why are several articles documenting this, e.g. one by TechCrunch, dated Dec 31 then?}}.<ref>{{cite news|url=http://www.theregister.co.uk/2014/01/02/snapchat_leak/|title=Snapchat: In 'theory' you could hack... Oh Crap, is that 4.6 million user's details?|work=[[The Register]]|accessdate=2014-01-03}}</ref><ref name="time">{{cite web|url=http://techland.time.com/2014/01/02/how-to-survive-the-snapchat-hack-and-others/|title=How to Survive the Snapchat Hack (and Others)|work=[[TIME]]|accessdate=2014-01-03}}</ref> The hack is said to have revealed parts of approximately 4.6 million usernames and phone numbers in a website named "SnapchatDB.info".<ref name="time" /><ref name="mercury"/><ref name="telegraph">{{cite web|url=http://www.telegraph.co.uk/technology/internet-security/10546626/Snapchat-hack-leaks-4.6m-users-details.html|title=Snapchat hack leaks 4.6m users details|work=[[The Daily Telegraph|The Telegraph]]|accessdate=2014-01-03}}</ref> |
|||
Snapchat reportedly failed to fix a security vulnerability that was publicly disclosed by Gibson Security, an Australian security firm<ref>{{cite web|url=http://www.usatoday.com/story/tech/columnist/2014/01/02/snapchat-breach-new-tech-economy-john-shinal-usa-today/4250487/|title=Snapchat hack should be a "wake-up" call|work=[[USA Today]]|accessdate=2014-01-03}}</ref> on 27 August 2013.<ref>http://www.zdnet.com/snapchat-names-aliases-and-phone-numbers-obtainable-via-android-api-say-researchers-7000019992/</ref><ref>{{cite web|url=http://gibsonsec.org/snapchat/|title=Snapchat Security Disclosure|publisher=Gibson Security|accessdate=2014-01-03}}</ref> Gibson Security then made public the source code for their exploit on Christmas Day (in Australia, Christmas Eve in the US).<ref>http://www.zdnet.com/researchers-publish-snapchat-code-allowing-phone-number-matching-after-exploit-disclosures-ignored-7000024629/</ref><Ref>http://gibsonsec.org/snapchat/fulldisclosure/</ref> On December 27, Snapchat announced that it had implemented a number of mitigating features.<ref>http://techcrunch.com/2013/12/27/snapchat-phone-number-hack/</ref> Nevertheless they were hacked by anonymous perpetators,<Ref>http://techcrunch.com/2013/12/31/hackers-claim-to-publish-list-of-4-6m-snapchat-usernames-and-numbers/</ref> who said that the mitigating features were only "minor obstacles".<ref>http://news.cnet.com/8301-1023_3-57616434-93/overexposed-snapchat-user-info-from-4.6m-accounts/</ref> The hackers also sent a statement to the popular technology blog [[TechCrunch]], saying, "our motivation behind the release was to raise the public awareness around the issue and also put public pressure on Snapchat to get this exploit fixed".<ref name="mercury">{{cite news|url=http://www.mercurynews.com/business/ci_24836443/snapchat-security-breach-affects-4-6-million-user|title=Snapchat hack: Users wonder whether their snaps are safe|work=[[San Jose Mercury News]]|accessdate=2014-01-03}}</ref> The hackers allegedly used an API exploit to hack Snapchat.<ref>{{cite web|url=http://www.forbes.com/sites/anthonykosner/2014/01/01/4-6-million-snapchat-usernames-and-phone-numbers-captured-by-api-exploit/|title=4.6 million Snapchat Usernames and Phone Numbers Captured by API Exploit|work=[[Forbes]]|accessdate=3 January 2014}}</ref> Snapchat apologized a week after the hack.<ref>http://www.businessinsider.com/snapchat-hack-apology-2014-1</ref> |
|||
==Public response == |
|||
Gibson Security spokesperson said, "I can understand [why they hacked Snapchat], and it's probably going to get Snapchat to do something, but I think it was too far, and they could have at least censored more of the phone numbers".<ref name="venture">{{cite web|url=http://venturebeat.com/2014/01/02/snapchat-confirms-leak-of-4-6m-usernames-doesnt-apologize/|title=Snapchat confirms leak of 4.6M usernames, doesn't apologize|publisher=VentureBeat|accessdate=2014-01-03}}</ref> Gibson Security, the firm that first pointed out the security flaw, said it was not a part of the hacking attempt.<ref>{{cite news|url=http://www.smh.com.au/it-pro/security-it/snapchat-hacked-leaking-46-million-usernames-and-phone-numbers-20140101-hv7b9.html|title=Snapchat hacked, leaking 4.6 million usernames and phone numbers|work=[[Sydney Morning Herald]]|accessdate=2014-01-03}}</ref> However, some Snapchat users posted to Twitter that they were not worried about the hack.<ref name="fox">{{cite web|url=http://www.foxbusiness.com/personal-finance/2014/01/02/snapchats-hack-what-users-should-do-now/|title=Snapchat's hack: What Users should do now|publisher=Fox Business|accessdate=2014-01-03}}</ref> Adam Levin, co-founder of Identity Theft 911, commented that any hacking attempt impacts people. He said it is important to know that any technology can be defeated, and one should look at things skeptically.<ref name="fox"/> According to [[Yahoo! Finance]]'s Jeff Macke, "Last fall Spiegel reportedly turned down as much as $3 billion from [[Facebook]] (FB) and $4 billion from [[Google]] (GOOG)", and thus—according to Macke—, after the hack "Evan Spiegel is looking like a guy who turned down $4 billion for a company that just lost its reason to exist. That being the case we’ve got an early leader for biggest loser of 2014."<ref>{{cite news|url=http://finance.yahoo.com/blogs/breakout/snapchat-hack-may-have-just-cost-the-company-founder--4-billion-155733225.html|title=Snapchat hack may have just cost the company founder $4 billion|publisher=[[Yahoo Finance]]|accessdate=2014-01-03}}</ref> |
|||
== Response from Snapchat == |
|||
Snapchat issued a formal statement about the hack.<ref name="venture" /><ref name="inde"/> Evan Spiegel, the founder of Snapchat whose number was apparently present in the hacked database, tweeted that the company was currently seeking legal help.<ref name="inde">{{cite web|url=http://www.independent.co.uk/life-style/gadgets-and-tech/snapchat-hack-46-million-users-affected-9033983.html|title=Snapchat hack: 4.6 million users affected|work=[[The Independent]]|accessdate=2014-01-03}}</ref> In its response, Snapchat said that an updated version of its app would soon come out that could let users opt out of the "Find Friends" feature, that required their stored numbers so that other users could easily find them.<ref>{{cite web|url=http://www.engadget.com/2014/01/02/snapchat-hack-response/|title=Snapchat acknowledges hack, updated app coming that lets users opt out of Find Friends|publisher=[[Engadget]]|accessdate=2014-01-03}}</ref> Other changes applied by Snapchat post the attack, to protect users and improve security, include the rate limiting suggested by security researchers last week.<ref>{{cite web|url=http://blog.snapchat.com/post/72013106599/find-friends-abuse|title=Snapchat- Find Friends abuse|publisher=[[Snapchat]] Blog|accessdate=2014-01-03}}</ref><ref>{{cite web|url=http://edition.cnn.com/2014/01/01/tech/social-media/snapchat-hack/|title=Millions of accounts compromised in Snapchat hack|publisher=[[CNN]]|accessdate=2014-01-03}}</ref> |
|||
One particular phrase in the response reads "[...] that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use". This is an example of [[Security through obscurity]]. |
|||
== References == |
|||
{{reflist|2}} |
|||
[[Category:Hacking (computer security)]] |
|||
{{Hacking in the 2010s}} |
Latest revision as of 23:10, 12 April 2017
Redirect to:
- From a merge: This is a redirect from a page that was merged into another page. This redirect was kept in order to preserve the edit history of this page after its content was merged into the content of the target page. Please do not remove the tag that generates this text (unless the need to recreate content on this page has been demonstrated) or delete this page.
- For redirects with substantive page histories that did not result from page merges use {{R with history}} instead.