Snapchat breach could be more dangerous than users think

by Charles Leaver

January 6, 2014

access_time 3 min read

A growing number of individuals utilize the popular photo sharing application Snapchat, where users can customize photos and send them to others for a specified period of time. Recently, hackers were able to breach the application's database in a data leakage attack, stealing the usernames and phone numbers of 4.6 million Snapchat users.

According to CBS contributor Time Jimenez, this information was later publicly released on a website in an attempt for cybercriminals to prove that the photo sharing app isn't as safe as it may seem.

Some may be asking, is this really a big deal? Cybersecurity expert Rob D'Ovidio echoed this question, but also provided context as to why users should be worried about data leakage.

"It's just a Snapchat username and phone number," D'Ovidio noted. "Well, the big concern here is that people use a single username across multiple platforms. Now I can start putting together bits of information."

Furthermore, Forbes contributor Kah Seng Tay also pointed out that a cybercriminal could be armed with nearly everything they need with access to users' login credentials and phone number. If an individual also utilizes their mobile device for business purposes within a BYOD practice, they could have sensitive, company-owned intellectual property stored in addition to their Snapchat app. In this way, and especially if the same username is used within business programs, data leakage could spread to affect the person's employer as well.

This case illustrates the importance of creating a different username and password for every access point. Each application should have a unique set of credentials for the user, and these should not be repeated in any other location. Although individuals may find it easier to remember the same information across different programs, this puts all these endpoints at risk of data leakage. For improved endpoint data protection, users can establish different login credentials and store them in a password manager, Berkeley Lab advised. These programs safely encrypt username and password information so that it is easily accessible but still safeguarded against cyberattacks.