Phishing Attack Stole Information From Snapchat Users

0
623

Phishing attack stole credentials from over 50,000 snapchat users

A phishing attack stole the privacy and security of over 50,000 snapchat users. Late July, Snap’s director of engineering sent email to the company’s team regarding a privacy threat. This was after receiving a tip from a government official from Dorset in United Kingdom. The information was a publicly available list, embedded in a phishing website named klkviral.org. It contained a list of 55,851 Snapchat accounts, along with their usernames and passwords.

The attack appeared to be connected to recent incident the company believed to have been coordinated from the Dominican Republic. Actually, not all of the account credentials were valid in that attack. And Snap already reset the majority of the accounts following the initial attack. But in a period of time, thousands of Snapchat credentials were available on a public website.

The attack relied on a link sent to users through a compromised account. When clicked by the users, it will direct you to a website and mimic the Snapchat login screen. Many companies like Facebook, scan links as they are sent in an effort to identify pages that mimic their login. And they eventually block that website accordingly.

Snap spokesman said, “We are very sorry when anyone is tricked by phishing. While we can’t prevent people from sharing their Snapchat credentials with third parties, we do have advanced defenses to detect and prevent suspicious activity. We encourage Snapchatters to always use strong passwords, enable login Verification, and never use third-party apps or plugins.”

The company said that they use machine-learning techniques to look for suspicious links being sent within the app. And block thousands of suspicious URLs every year. Users who were affected by the July attack were notified that their password have been reset.