Skip to content

Video: Sophos expert talks Skype, Snapchat and Target hacks on Bloomberg TV

skypeAdd Skype and Snapchat to the list of big-brand companies that have suffered security breaches, at the expense of their own reputations. Both companies were compromised by hackers between Christmas and New Year’s, Sophos Senior Security Advisor Chet Wisniewski tells Bloomberg TV.

Hackers claiming to be affiliated with the Syrian Electronic Army (SEA), a pro-Assad hacktivist group, last week took control of Skype’s accounts for Twitter, Facebook and WordPress via stolen passwords. Also, just after Christmas hackers breached the photo-messaging service Snapchat to expose more than 4.6 million usernames and phone numbers online.

The SEA posted a Tweet to Skype’s more than three million followers saying: “Don’t use Microsoft emails (hotmail, outlook). They are monitoring your accounts and selling the data to the governments.” Microsoft purchased Skype in 2011. The SEA took credit for the hack and has previously claimed credit for website attacks that brought down The New York Times and Twitter.

Skype's Twitter account was taken over by the Syrian Electronic Army.
Skype’s Twitter account was hacked by the Syrian Electronic Army.

As Chet explains, Skype employees were tricked by social engineering into turning over the company’s social media account passwords. Apparently, Skype was not making use of a security setting that is available from Twitter, Facebook and WordPress, which might have protected the accounts from unauthorized access: two-factor authentication (2FA).

Snapchat’s vulnerability was previously known to the company, after security researchers disclosed it privately in August 2013. According to Chet, Snapchat did nothing to fix the security vulnerability at the time.

The attacks on Skype and Snapchat follow another recent big-brand security breach: Just before Christmas, 40 million customer financial accounts were put at risk due to a breach at major U.S. retailer Target. The biggest data breach of all was 150 million user account details stolen from Adobe in October 2013.

Watch Chet offer his expert opinion on these compromises in the Bloomberg TV clip below (Flash required).

3 Comments

Leave a Reply

Your email address will not be published.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!