Phising Attack Exposes Snapchat Credentials of Over 50,000 Users

According to a recent report from The Verge, a phishing attack exposed the Snapchat credentials of 55,851 accounts late last July. The written report reveals that the company'southward manager of applied science emailed the team in response to a privacy threat.

The threat was brought to their attention by a government official from Dorset in the UK, who pointed out that a phishing website, chosen klkviral.org, was hosting a listing of stolen credentials of over 50,000 Snapchat accounts.

Emails obtained by the The Verge later revealed that the set on was continued to a previous incident that the visitor believed was coordinated from the Dominican Commonwealth. The report further states that not all the business relationship credentials were valid and Snapchat reset a majority of the accounts following the initial attack. However, for a brief period of time, thousands of Snapchat account credentials were publicly available on the website.

Snapchat Phishing Warning — (Epitome: The Verge)

A person familiar with the matter told the publication that the phishing set on relied on a link sent to users through a compromised business relationship, which redirected to a website that was designed to mimic the Snapchat login screen. In order to fix the consequence, Snapchat has at present implemented a warning which prompts users if they endeavour to click on a link to klkviral and other known phishing websites.

A Snap spokesperson told The Verge:

"Nosotros are very sorry when anyone is tricked by phishing…While we tin can't forbid people from sharing their Snapchat credentials with tertiary parties, we practice have avant-garde defenses to detect and prevent suspicious activity. We encourage Snapchatters to ever use strong passwords, enable login Verifications, and never use third-party apps or plugins."

Snap claims that it uses machine-learning techniques to identify suspicious links being shared within the app and proactively blocks thousands of suspicious URLs per year.

The company further noted that users who were affected by the phishing attack in July were notified that their passwords had been reset via an email from the company. The report also notes that by the morning of July 24, Google had blocked klkviral.org from appearing in its search results and flagged information technology as a malicious website.