Snapchat Was Warned of Security Problems and Told Everyone Things Were Fine Days Before Security Breach
Doesn't everyone know the first step is admitting you have a problem?
Snapchat suffered recently when millions of its users’ usernames and phone numbers were posted for public viewing by hackers, but companies that operate online run that risk. The risk significantly increases when a group of hackers warns you that you’re vulnerable and tells the entire Internet how to hack you, and you say everything is fine.
Back in August, a group of helpful hackers known as Gibson Sec (Gibson Security) told Snapchat that the app’s developers basically just left its doors unlocked for anyone who bothered to check, because they were able to access the Snapchat API. For those keeping score at home, that’s four months of advance warning.
Seemingly growing impatient with Snapchat’s disregard for their advice, Gibson Sec then gave them a wake-up call as a Christmas present by posting the details of how to hack Snapchat for anyone on the Internet to see. If this were a zombie movie, now would be the part where the audience starts screaming at Snapchat that they have to destroy the brains.
Instead of properly disposing of their metaphorical zombie, Snapchat made a blog post on December 27 saying that everything was fine and that they appreciated the warnings, but safeguards were in place to prevent anything bad from happening. Basically, they locked the zombie in the basement and assumed that would be safe. Of course, that’s when something bad happened.
Only four days later, on December 31, 4.6 million Snapchat usernames and phone numbers were posted online by hackers. Luckily, there’s not a whole lot anyone can do with just your Snapchat username and phone number aside from making you distrust Snapchat’s security, but that’s a pretty big hit for the young company. We just hope they learn from this and prevent a worse security breach in the future.
The database has been removed, but if you’re worried that your username and phone number may have been exposed, Gibson Sec has tried to lend a hand by setting up a system for you to see if you were affected without viewing the entire database.