Video: Sophos expert talks Skype, Snapchat and Target hacks on Bloomberg TV

EnduserSophosLabsData loss preventionEmailMedia coverageMicrosoftNaked SecurityTarget

skypeAdd Skype and Snapchat to the list of big-brand companies that have suffered security breaches, at the expense of their own reputations. Both companies were compromised by hackers between Christmas and New Year’s, Sophos Senior Security Advisor Chet Wisniewski tells Bloomberg TV.

Hackers claiming to be affiliated with the Syrian Electronic Army (SEA), a pro-Assad hacktivist group, last week took control of Skype’s accounts for Twitter, Facebook and WordPress via stolen passwords. Also, just after Christmas hackers breached the photo-messaging service Snapchat to expose more than 4.6 million usernames and phone numbers online.

The SEA posted a Tweet to Skype’s more than three million followers saying: “Don’t use Microsoft emails (hotmail, outlook). They are monitoring your accounts and selling the data to the governments.” Microsoft purchased Skype in 2011. The SEA took credit for the hack and has previously claimed credit for website attacks that brought down The New York Times and Twitter.

Skype's Twitter account was taken over by the Syrian Electronic Army.
Skype’s Twitter account was hacked by the Syrian Electronic Army.

As Chet explains, Skype employees were tricked by social engineering into turning over the company’s social media account passwords. Apparently, Skype was not making use of a security setting that is available from Twitter, Facebook and WordPress, which might have protected the accounts from unauthorized access: two-factor authentication (2FA).

Snapchat’s vulnerability was previously known to the company, after security researchers disclosed it privately in August 2013. According to Chet, Snapchat did nothing to fix the security vulnerability at the time.

The attacks on Skype and Snapchat follow another recent big-brand security breach: Just before Christmas, 40 million customer financial accounts were put at risk due to a breach at major U.S. retailer Target. The biggest data breach of all was 150 million user account details stolen from Adobe in October 2013.

Watch Chet offer his expert opinion on these compromises in the Bloomberg TV clip below (Flash required).


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s