The Snapchat 'hack' that never was: Experts find no evidence 1.7m accounts leaked
Claims followed comments by Snapchat's chief executive regarding India.
On 16 April, reports circulated hackers had compromised the networks of Snapchat, the popular social sharing platform, and stolen over 1.7 million credentials in retaliation for statements made about India by the firm's chief executive, Evan Spiegel.
The group claimed to have hacked into Snapchat via a vulnerability in its smartphone application and threatened to launch further attacks, despite releasing no evidence to back up its claims. It demanded Spiegel apologise for allegedly calling India a "poor country".
Luckily for Snapchat's users across the globe, there's no sign the claims are legitimate.
Security researchers believe quite the opposite is true, with a small batch of published credentials online taken from a set of previously-leaked users names from 2013.
When the self-described hackers emerged, they posted information to GhostBin, a website that lets users submit and store text-based data. Far from 1.7 million, it contained less than 5,000 records – usernames, partial phone numbers and no passwords.
When probed further by one researcher, Rojan Rijal, this data matched information first posted on a website called SnapchatDB back in January 2014.
When this hack occurred – stemming from a cyberattack on the applications's "Find Friends" feature – 4.6 million users were impacted.
"Snapchat was not exactly hacked, [the] hackers just pasted an old data that was published online," Rijal wrote in a blog post, adding: "This was not a real hack. No data was stolen. 'Hackers' here simply downloaded the file found online and shared it."
This matched the analysis of Fortune magazine, which made contact with several cybersecurity firms including Flashpoint and FireEye to ask about the allegedly leaked information. Each found no evidence of a new hack, instead only encountered the previously-leaked accounts on the web.
Snapchat has not yet commented on the incident.
It did, however, address the growing scandal and subsequent backlash in India after Spiegel's comments were picked up on by the media. In court filings, he was accused of proclaiming Snapchat was "only for rich people" and not for "poor countries".
A Snap Inc. spokesperson brushed off the comments, saying the words came from a "disgruntled former employee".
A statement read: "Obviously, Snapchat is for everyone! We are grateful for our Snapchat community in India and around the world."
Last year, Snapchat was forced to contact a slew of employees – past and present – to warn them sensitive payroll data was accessed by hackers who tricked a member of staff using an email spearphishing scam that impersonated Spiegel.
"A number of our employees have now had their identity compromised. And for that, we're just impossibly sorry," it said at the time. While Snapchat is no stranger to cybersecurity incidents, this latest case – for all intents and purposes – never happened.
© Copyright IBTimes 2024. All rights reserved.