Add Skype and Snapchat to the list of big-brand companies that have suffered security breaches, at the expense of their own reputations. Both companies were compromised by hackers between Christmas and New Year’s, Sophos Senior Security Advisor Chet Wisniewski tells Bloomberg TV.
Hackers claiming to be affiliated with the Syrian Electronic Army (SEA), a pro-Assad hacktivist group, last week took control of Skype’s accounts for Twitter, Facebook and WordPress via stolen passwords. Also, just after Christmas, hackers breached the photo-messaging service Snapchat and exposed more than 4.6 million usernames and phone numbers online.
The SEA posted a Tweet to Skype’s more than three million followers saying: “Don’t use Microsoft emails (hotmail, outlook). They are monitoring your accounts and selling the data to the governments.” Microsoft purchased Skype in 2011. The SEA took credit for the hack and has previously claimed credit for website attacks that brought down The New York Times and Twitter.
As Chet explains, Skype employees were tricked by social engineering into turning over the company’s social media account passwords. Apparently, Skype was not making use of a security setting that is available from Twitter, Facebook and WordPress, which might have protected the accounts from unauthorized access: two-factor authentication (2FA).
Snapchat’s vulnerability was previously known to the company, after security researchers disclosed it privately in August 2013. According to Chet, Snapchat did nothing to fix the security vulnerability at the time.
The attacks on Skype and Snapchat follow another recent big-brand security breach: just before Christmas, 40 million customer financial accounts were put at risk due to a breach at major U.S. retailer Target. The biggest data breach of all was the theft of 150 million user account details from Adobe in October 2013.
Watch Chet offer his expert opinion on these compromises in the Bloomberg TV clip below (Flash required).