Gibson said Security Snapchat warned about vulnerabilities in their application
Continue reading the main story
Related articles
Snapchat hack secret saves images
Snapchat files restraining order
Snapchat photo recovery "possible"
User names and telephone numbers of 4.6 million accounts Snapchat have been downloaded by the hackers , temporarily published the data online .
A website called SnapchatDB released the data, but criticized the last two digits of telephone numbers .
Since then it has been taken offline , but a cached version is still available.
The hack comes days after an Australian company , Gibson Security warned of vulnerabilities in applications Snapchat which he said could be exploited by hackers.
Security Gibson said he was not involved in the hack: " We know nothing about SnapchatDB , but it was a matter of time until something like this happened ," the company on Twitter .
The hackers behind the website that publishes data said they had exploited security flaw highlighted by Gibson Security.
"We used a modified version of gibsonsec exploit / method", which were quoted as saying by the technology blog , Tech Crunch.
Safeguards stronger ?
Snapchat has grown in popularity as an application that allows people to share photos , knowing that delete themselves after being viewed .
Snapchat explained in 60 seconds
It has a feature called Find Friends , which allows users to upload their contacts address book to help you find friends who are also using the service.
In its report published on December 25, Gibson Security warned of a vulnerability in Snapchat application could be used to reveal the phone numbers of users.
The firm said it had warned about this Snapchat first four months ago , adding that " nothing has been really improved . "
vulnerability
Gibson said he had been able to do calculations across ten thousand phone numbers Snapchat users " in about 7 minutes on a gigabit line on a virtual server ."
In response to the report of Gibson, Snapchat recognized a potential vulnerability , but said it had taken steps to protect user data .
Continue reading the main story
"
Start Quote
His latest changes are still very difficult to circumvent "
SnapchatDB
"In theory , if someone were able to charge a huge set of phone numbers , like all numbers in an area code , or all possible numbers in the U.S. , which could create a database results and match the user names phone numbers that way, " he said in a blog post last week.
"Over the past year we have implemented various security measures to make it more difficult to do. We have recently added additional countermeasures and continue to make improvements to combat spam and abuse. "
However, the hackers behind the SnapchatDB , the website that published the phone numbers , said the measures were not strong enough.
"Even now the exploit persists. Still possible to scrape these large scale data " , they say .
"Your latest changes are still not very difficult to circumvent."
ليست هناك تعليقات:
إرسال تعليق