If you’re receiving messages from your friends on Snapchat that tell you how to lose weight, don’t freak out. It appears that many accounts have been hijacked, though Snapchat denies the spammers accessed accounts through its own system.
According to posts on Twitter, users’ accounts have been hijacked and used to send weight loss spam to other accounts. There’s no word yet on how many accounts have been affected, but people have been complaining about it on Twitter for the past few days.
Here’s the official statement from Snapchat, given to the BBC:
“We have seen evidence that hackers who have access to a trove of credentials leaked from other websites have started using them to gain access to Snapchat accounts. In many instances, our defences have notified the user that their account has been compromised. We recommend using a unique and complex password to access your Snapchat account.”
In other words, it seems hackers are using account info leaked in separate hacks (including a Gmail password dump that affected more than 5 million accounts) to gain access for this spam attack.
On New Year’s Eve last year, user names, names and phone numbers of more than 4.6 million Snapchat users were leaked online after a hack by a website called SnapchatDB, which said it released the information because Snapchat had ignored disclosures from the hackers that security on the ephemeral messaging service was lacking.
“We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness.”
Snapchat’s cavalier attitude towards security is nothing new.
The app was not created, to the confusion of many, as a way of beefing up security on your messaging. Ephemerality, from the viewpoint of the Snapchat team, is about living in the moment, not about hiding your secrets.
When the company grew to the point that security started to become a question, forensic researchers found a way to lift unopened snaps from a user’s phone. Co-founder Evan Spiegel’s playful response was that there are much easier and less expensive ways to capture those photos, like a screenshot or a photo taken with a separate camera.
Now, those kinds of hacks aren’t so cute. Snapchat has grown into a company that has joined the unicorn club, with a valuation that is rumored to be north of $10 billion. The stakes are higher than they were a year ago.
In this instance, Snapchat isn’t directly responsible for hackers gaining access to user accounts, but Snapchat has been slow to respond to security issues in the past (namely on New Year’s Eve). The perception that the company may not be protecting its users may be damaging, especially when you consider that these users generally skew young and might not realize that, in this case, Snapchat actually isn’t directly to blame.
Many users have been sent emails informing them that they may have been breached, with instructions on how to set a new password.