Saturday, December 28, 2013

Failure Snapchat exposes data and user identity - Digital Look

A failure in the Snapchat API opens a dangerous loophole for service users. According to a group of security researchers Gibson Security, a script is able to associate the calling user login names and their numbers, and privacy levels account.

According to the report, the flaw allows data theft and resale for money or else the persecution of users who are identified by the failure.

According to the research team, failure is already known, as well as another that would allow hackers registrassem thousands accountability in service. The Snapchat, however, does not accept attempts to contact Gibson Security to report these faults, then the group publicly disclosed failures.

The numbers and names of users can be connected even if the account is configured private. The information can be gathered in a database, allowing the payment of a few dollars to get the phone number of the person and their social network profiles.

The group says the Snapchat could have corrected the flaw that allowed the massive tally with a few lines of code, but chose not to. At the same time, chose to announce a new feature that allowed review a snap the second time in one day.

Ars Technica contacted the Snapchat, but the company did not send a reply to the trouble.

Via Ars Technica

No comments:

Post a Comment