Hi-jacked Snapchat accounts have reportedly been sending weight loss ads to user contacts, initially being identified on Twitter by users across several different countries. This time around, accounts aren’t being breached by a hack, or at least that’s what Snapchat is telling users.
It wouldn’t be the first time Snapchat has been hacked after a data leak of usernames and mobile numbers spread their way across the internet on to a website called SnapchatDB in January, but this time they are adamant that there is no way that they have been hacked again. SnapchatDB claimed the data was posted onto its pages to raise awareness of the vulnerability, censoring the last 2 digits of mobile numbers to give anyone wanting to exploit the leaked data at least a small challenge.
This explains how usernames have been accessed, but what about passwords? Snapchat says the hi-jacking of user accounts is entirely the product of other sites containing their information, suggesting other leaks or phishing attacks could collect passwords from other sites and use it to log into Snapchat. Compromised users will receive an email advising them to change their password when they log back onto their account.
The images sent out so far do not appear to cause any harm to the account or the recipients, appearing to only spam users with an advert offering weight loss products on a website registered under the name of a former president of Poland. Snapchat doesn’t have a very good track record in regards to security, having its fair share of breaches over the 3 years it has been running, however concerns as to customer confidence are now being questioned. An increase in competing apps means loss of confidence could result in users moving away from Snapchat, seeking confidence elsewhere in its competitors.