Microsoft, Snapchat Downplay Cyberattacks

4 minute read
Anthony Myers avatar

Skype Reportedly Hacked + Snapchat User Data Leaked
Two popular online services are off to a good start in 2014 — for hackers, anyway. 

One cyberattack involved Skype, the Internet calls service owned by Microsoft. The service's Twitter and Facebook accounts, along with the service's blog page, displayed messages Wednesday purporting to be from the Syrian Electronic Army.

The other involved Snapchat, the Venice, Calif.- based messaging service. Hackers compromised about 4.6 million Snapchat accounts — and posted the phone numbers of affected users to a downloadable database on a website called snapchatdb.info.

Anti-Spying Messages on Skype

A message went out Wednesday from the Skype Twitter account that warned:

Don't trust Microsoft emails (Hotmail, Outlook). They are monitoring your accounts and selling the data to the governments. More details soon #SEA."

The hashtag references the Syrian Electronic Army. The message seems to be aimed at the recent revelations about technology companies being exploited by the US National Security Agency.

Additionally, on the same day, someone posted a Skype blog with the headline "Hacked by Syrian Electronic Army ... Stop Spying!" and a similar message was posted to the Skype Facebook page. All of the messages were taken down in less than a few hours.

The attacks did not appear to be aimed at theft of user data or other information. There have been no further reported attacks on Skype properties, but the Twitter message was reposted thousands of times. The risk here is that users will lose faith in Skype's security measures, which would hurt Microsoft as it pushes Skype as an enterprise level service.

"We recently became aware of a targeted cyber-attack that led to access to Skype's social media properties, but these credentials were quickly reset. No user information was compromised," a Microsoft spokesperson wrote to CMSWire in an email.

As for the NSA spying allegations, Microsoft is implementing cryptographic technology like Perfect Forward Secrecy and 2048-bit key lengths, Brad Smith, general counsel and EVP of legal and corporate affairs at Microsoft wrote in an early December blog post.

All Microsoft customer data will see the expanded encryption, Smith noted, and the technology will be completely in place by the end of 2014. Some of the beefed up security measures are already in place, but Smith did not delineate between services.

Learning Opportunities

Earlier in 2013, Microsoft worked around possible Outlook security risks by shutting off linked accounts. Instead, email aliases were enabled, a tactic also used by services like Google. Then in the fall, Microsoft went the M&A route to boost its mobile security features by purchasing PhoneFactor.

Snapchat Data Leak 

Last week, a Snapchat blog post noted that the company had been warned by a whitehat hacker collective about a possible vulnerability in its private API. A feature called Find My Friends allows users to upload their contacts to find Snapchat users by their phone numbers. Providing a phone number is optional for Snapchat users, but the ability to match the numbers with usernames was the issue, according to the blog post.

The "issue" became a reality on Tuesday when anonymous hackers loaded usernames and the partial phone numbers for those users to the snapchatdb.info site. Neither Gibson Security, the company that tipped Snapchat about the possible security vulnerability, nor any other group has taken responsibility for the hack.

Gibson Security purports to be a group of helpful hackers that doesn't exploit the vulnerabilities it finds, and even put up a website to help Snapchat users determine if their information had been compromised.

Snapchat appears to be taking the breach in stride. Yesterday, it posted a statement on the company blog and invited users to "let us know about security vulnerabilities" by email. The statement read, in part:

We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service."

Snapchat has been growing at a phenomenal rate, but this security breach could give potential users pause. Snapchat went on the proverbial map in 2013, and the quirky photo sharing app will likely continue growing this year. As disruptive as the service has so far been to companies like Facebook, further security problems could invite even more competitors to the industry.