Friday, December 27, 2013

Snapchat Downplays Phone Number Matching Hack, Says It’s Added New Counter-Measures

hqdefault

Following security researchers publishing a way to match Snapchat usernames to phone numbers, Snapchat has published a skimpy statement making the hack sound impractical and noting “We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”


Earlier this week ZDNet published an in-depth write-up of how white-hat Gibson Security researchers had tried to notify Snapchat of a way hackers could connect usernames to phone numbers for use in stalking, but were ignored. The GibSec team then published the exploit publicly on Christmas Eve.


Snapchat hadn’t provided a public statement until now, and what it’s offered isn’t very satisfying. “Theoretically, if someone were able upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do.” It goes on to note it’s added more barriers to the use of this hack.


There are no details on how these counter-measures work, such rate limiting or automated systems that scan suspicious activity that may be someone trying to match names and numbers. The vagueness could keep the new barriers from being evaded, but doesn’t offer much comfort to users.


Developing










from TechCrunch http://feedproxy.google.com/~r/Techcrunch/~3/LHuTL91IIgA/

No comments:

Post a Comment