On Tuesday anonymous hackers used a known security flaw in the Snapchat photo messaging app to access data on 4.6 million users, including names and phone numbers. The hackers then posted a copy of the data on a site called SnapchatDB.info.
This database contains username and phone number pairs of a vast majority of the Snapchat users. This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue.
At a minimum, the Snapchat user data can now be used to launch targeted spam attacks, but worse, if your username/phone number pair is shared with other websites, then hackers can use this information to gain access to your other accounts/services.
Gibson Security researchers were some of the first to identify the Snapchat vulnerability back in August, and they have now launched a website for users to verify whether their information was exposed in the Snapchat hack.
Snapchat’s failure to resolve the vulnerability used in this hack is only the latest example in a growing number of companies disregarding security problems reported by researchers such as Gibson Security.
The Minneapolis Star Tribune posted an article today reporting that Target Corp. has suffered a security breach that could put millions of customer credit cards at risk. A spokeswoman from American Express has confirmed the breach, and it appears that security expert Brian Krebs first reported the issue on December 13th.
“Both sources said the breach was initially thought to have extended from just after Thanksgiving 2013 to Dec. 6. But over the past few days, investigators have unearthed evidence that the breach extended at least an additional week — possibly as far as Dec. 15. According to sources, the breach affected an unknown number of Target customers who shopped at the company’s bricks-and-mortar stores during that timeframe.”
So what to do next? The FTC Consumer Information site’s Credit Card Fraud page recommends the following:
- Save your receipts to compare with your statement.
- Open your bills promptly — or check them online often — and reconcile them with the purchases you’ve made.
- Report any questionable charges to the card issuer.
Call the card issuer as soon as you realize your card has been lost or stolen. Many companies have toll-free numbers and 24-hour service to deal with this. Once you report the loss or theft, the law says you have no additional responsibility for charges you didn’t make; in any case, your liability for each card lost or stolen is $50. If you suspect that the card was used fraudulently, you may have to sign a statement under oath that you didn’t make the purchases in question.
forecast.io has an interesting blog post about their Dark Sky forecasting system and the process they use to remove noise (such as ground clutter) from radar images.
Here’s an image showing the system in action:
Not entirely accurate, but a very cool research paper and set of visualizations showing global internet usage as seen by a botnet.
If you use last.fm, eHarmony or LinkedIn I highly recommend changing your passwords and preferably using a different password for these sites and others.
For those of you not aware, an increasing number of sites have been reporting security breaches, resulting in the leak of user and password data. LinkedIn, eHarmony and now last.fm are all part of the latest wave of compromised data (as noted by The Verge).
These three sites aren’t alone. Sony, Zappos, Microsoft, Twitter and many other major brands have reported their own security breaches and compromised data.
So, if you have an active account with any of the affected sites, I highly recommend changing your password. I also recommend creating separate passwords for your vital accounts and information online, especially your email and financial accounts, which can be used as gateways to gain access to other accounts and personal information. Microsoft also has a brief but good article on strong passwords (and a good tool for checking password strength).
UPDATE: FormSpring has just announced today (7/10/12) that their site has suffered a similar security breach, and that they will be disabling some 30 million affected user accounts.