The Syrian Electronic Army, a hacker’s group from the pro-Syrian government movement is taking credit for two separate hacking attacks on Snapchat and Skype. The hackers then posted a database housing 4.6 million names and phone numbers of their users.
The hackers posted their stolen database of user information on the website SnapchatDB.info and it was made available for download by late Tuesday. The Syrian Electronic Army said that they wanted to expose the vulnerability of user data by the popular image exchanging and communications app. The website was suspended as of late Wednesday.
Snapchat did publicize a warning about this potential security breach just a few days prior to the event occurring. Snapchat said that it was warned by a security group about the vulnerability of their user data.
A spokesperson for Snapchat said that they do not display user’s phone numbers to other users, nor do they make the phone number’s searchable by username. However taking a database with phone numbers and merging that data with usernames from Snapchat will allow the creation of a list of matching of usernames and their associated phone numbers.
The information stolen from Snapchat was acquired through an exploit that has already been patched, but the Syrian group wanted to still let people know that some companies are too reluctant to patch exploits until it is usually too late. Those companies are being trusted by people to protect their information and they need to be more careful when dealing with it.
The exploit was revealed to Snapchat back in August by Gibson Security, a tech research firm from Australia. A spokesperson from Gibson Security said that they know nothing about the database that was created, but they still say that the exploit still exists with by using some minor fixes. Gibson is now offering a public service for Snapchat users to find out if their phone number was any of the numbers obtained by the hackers.
As well as the Snapchat hacking, the Syrian Electronic Army also hacked into the blog and social network of Microsoft’s video communications tool Skype. The Wednesday blog post for Skype said, “Hacked by Syrian Electronic Army…Stop Spying!” The hacking group also posted Microsoft Corp.’s chief executive, Steve Ballmer’s contact information on the company’s Twitter account.
The hackers also used Skype’s Twitter account to send out tweets telling people to not use Microsoft’s Outlook or Hotmail as they are selling the data to the government. Former National Security Agency (NSA) contractor, Edward Snowden, said last year that Microsoft was part of the NSA’s monitoring of communications through their Skype program.
The messages have been scrubbed from Microsoft’s official Skype blogs and social media sites by late afternoon, but the Syrian Electronic Army retweeted copies of their hacked messages for anyone that had missed the original tweet’s broadcast.
The hacking group identifies as being supporters of Syrian president, Bashar Assad, but previously the Syrian Electronic Army was only responsible for hacking news websites that they deemed as being supportive of the rebellion in Syria. Their latest hacking jobs targeting Snapchat and Skype were not expected and out of character from their previous work.
By Brent Matsalla