Brief:
- A phishing attack on Snapchat tricked more than 55,000 users into revealing their account passwords, according to the Verge. The company learned of the data breach in July 2017, when a U.K. government official notified a Snap engineer that the attack had resulted in a publicly available list of thousands of users' login information, including passwords, on the phishing website klkviral.org.
- The phishing attack relied on a compromised account that sent users a link pointing to a mobile site designed to mimic the Snapchat login screen. The phishers collected login data from users who entered their usernames and passwords on the fake site. In July, Snap observed that a single device had logged into thousands of accounts and marked it as suspicious, but that was after the accounts were compromised.
- Last summer's event appeared to be related to a previous data breach that was believed to have started in the Dominican Republic, the Verge reported. Snap reached out to impacted users and reset most of the breached accounts after the initial attack, though thousands of credentials remained on a public website that its host, GoDaddy, refused to disable.
Insight:
The phishing attack on Snapchat highlights the precautions that social media companies need to take in protecting user data, particularly for younger smartphone users who can be easily deceived into revealing personal data or into making in-app purchases. To prevent the attacks, social media companies are relying more on artificial intelligence (AI) software and other machine learning techniques to identify and block malicious websites.
As a result of the phishing attack on Snapchat, Google in July blocked klkviral.org from appearing in search results and marked it as a malicious site for people trying to visit it. Snap also added warnings to notify users when they attempt to send a link to phishing sites such as klkviral.
The attack affected a comparatively small number of Snapchat's 187 million users, but served as a reminder of how quickly a phishing attack can spread to thousands of smartphone users.
While many companies have implemented training programs to help their employees identify phishing attacks that come through email or fake virus warnings in pop-up screens, social media providers also need to help educate consumers about malicious activity to prevent people from becoming victims of fraud. Last year, the Federal Trade Commission published a recommendation that urges businesses to protect their brands and customers from phishing by using email authentication. This news further highlights the importance of using strong passwords and two-step login verification tools, a growing emphasis in the tech and data privacy space.