Over the Christmas holiday period, Snapchat users’ information was inadvertently released following a gap in the app’s security software. It resulted in usernames and phone numbers from up to 4.6 million accounts being downloaded by an unconnected website. Security researchers confirmed that the app’s Android and iOS versions were vulnerable to hacking and could be accessed to reveal users’ personal details.
Even with further security put in place by Snapchat after the event, the website responsible for the hack was still able to access further information relating to Snapchat’s users. At this stage, it remains unclear whether Snapchat have resolved the issue satisfactorily.
Snapchat was not the only victim of hacking events over the festive period. The Syrian Electronic Army claimed credit for hacking into users’ accounts on Skype. The group also published the contact details of Microsoft’s retiring Chief Executive, Steve Ballmer. The hack was a protest at the US’ alleged monitoring of personal communication accounts.
What this means for you
Whilst the security breaches committed by the hackers included personal information, it did not include users’ card details. That possibility remains very real. Payment processors need to remain alive to the use of card details with apps. In order to avoid security breaches, robust security measures need to be in place and ongoing checks on merchants involved in this business should be completed with PSPs looking towards compliance with PCI DSS as the gold standard in data security.