Millions of accounts compromised in Snapchat hack

Hackers appear to have posted account info for 4.6 million users of quickie social-sharing app Snapchat, making usernames and at least partial phone numbers available for download.
The data were posted to the website SnapchatDB.info. By late Wednesday morning, that site had been suspended.

The hack was seemingly intended to urge Snapchat to tighten its security measures. The anonymous hackers said they used an exploit created by recent changes to the app, which lets users share photos or short videos that disappear after a few seconds.

“Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does,” the hackers said in a statement to Techcrunch.

In the statement, the hackers said they blurred the last two digits of the phone numbers they posted but were still considering whether to post more with the full number visible.

By Wednesday afternoon, developers had used the data to set up a whether their accounts had been compromised.

Snapchat did not immediately respond to a message seeking comment.
Last week, — a group of “white hat” hackers, meaning they don’t exploit the security gaps they find — published what they said was code that would enable such a hack. The SnapchatDB group said Snapchat implemented “very minor obstacles” after that.

“We know nothing about SnapchatDB, but it was a matter of time til something like that happened,” Gibson Security wrote Wednesday on its Twitter account. “Also the exploit works still with minor fixes.”

Snapchat appeared to minimize the potential damage from such a hack, claiming that it would require a “huge set of phone numbers, like every number in an area code,” to match usernames to numbers.

“Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse,” the post read. “Happy Snapping!”

Source: CNN

Skype Twitter Account Hacked, Group Posts Anti-Microsoft Sentiments

It looks like 2014 is off to a series of hacks, with our report earlier claiming that Snapchat was hacked, compromising some 4.6 million user names and phone numbers in the process, and now it looks like Microsoft’s Skype Twitter and Facebook accounts have been hacked by the Syrian Electronic Army, who have in the past successfully hacked Twitter, The Financial Times, and The Washington Post just to name a few. The group took the opportunity to tweet out some anti-Microsoft sentiments, and advised the followers to stop using Microsoft’s services due to monitoring, which we can only assume has to be related to the recent bout of accusations leveled at the NSA.

According to the tweet, “Don’t use Microsoft emails(hotmail,outlook), they are monitoring your accounts and selling the data to the governments. More details soon #SEA.” The tweets have since been deleted which we can only assume means that Microsoft has managed to regain control of their accounts. Thankfully unlike the Snapchat hack, this was only the hack of Microsoft’s Twitter and Facebook pages, meaning that as far as user information is concerned, it appears to be still intact. Microsoft has yet to respond to the hack.

Source: Ubergizmo

iPhone Lockscreen Can Be Bypassed with New iOS 6.1 Trick

A security flaw in Apple’s iOS 6.1 lets anyone bypass your iPhone password lock and access your phone app, view or modify contacts, check your voicemail, and look through your photos (by attempting to add a photo to a contact). The method, as detailed by YouTube user videosdebarraquito, involves making (and immediately canceling) an emergency call and holding down the power button twice. We followed the steps and managed to access the phone app on two UK iPhone 5s running iOS 6.1. This isn’t the first time this has happened — a very similar bug affected iOS 4.1 and was fixed in iOS 4.2. We’ve reached out to Apple for comment and will update you once we hear back.

Watch this Youtube Video demonstration of the hack.

Source: The Verge