February 20, 2018 by

Snapchat Phishing Attack Swipes Credentials of Over 50,000 USers

Details have emerged on a phishing attack which saw hackers steal the credentials of over 50,000 Snapchat users in an attack last year.,

According to the Verge, Snap’s director of engineering Chad DePue sent an email to company employees about a threat against users’ privacy, originally raised by a UK government official from Dorset. A website, called klviral.org, had published a list of credentials purporting to be usernames and passwords of a total of 55,851 Snapchat accounts.

Although all of the listed credentials weren’t legitimate, Snap took the call to reset the passwords of thousands of Snapchat users. Still, for an unknown and undisclosed amount of time, the users have had their Snapchat account credentials exposed to users on the public website.

The Verge, citing a source, said the attack stemmed from a phishing link sent to users from a compromised account. When clicked, a website purporting to be the Snapchat login screen shows up, fooling users into providing their credentials. While companies like Facebook routinely scan links to identify phishing scams and block them, Snap’s measures left the social media company come short in the cybersecurity stakes.

A spokesman told the publication:

“We are very sorry when anyone is tricked by phishing. While we can’t prevent people from sharing their Snapchat credentials with third parties, we do have advanced defenses to detect and prevent suspicious activity. We encourage Snapchatters to always use strong passwords, enable login Verification, and never use third-party apps or plugins.”

Snap specifically noticed a single device had been logging into a large number of accounts. While the account was flagged, the damage was already done. It is unclear how long the attack went on for or when it had begun. What is known, however, is that the attack is believed to have been coordinated from the Dominican Republic. While the total amount of compromised account is relatively meager to Snap’s 187 million active users, the incident is a stark reminder of how popular populated platforms are vulnerable to the simplest threats.

Image credit: Pexels.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Google Research: Phishing Poses the Greatest Cybersecurity Threat

A new study by Google has revealed insights to better explain how emails and other accounts are...

Read more arrow_forward

Hackers Find a New Way to Attack Nuclear Plants: Template Injection

Hackers have leveraged phishing, a long successful method to execute cyberattacks, with a template...

Read more arrow_forward

Nearly 50% of Organizations are Victims of Ransomware Attacks

A new study has revealed that ransomware attacks targeting organizations continue to be one the...

Read more arrow_forward