Have your Snapchat friends taken to calling you fat recently? If so, don’t get mad at them – their suggestion that you pop a weight loss pill is probably the result of having their account hacked.
Several users of the disappearing chat app have taken to Twitter to bemoan the fact that they’ve been receiving messages from their pals, inviting them to visit a weight loss site.
Some Snapchatters, like Makalah Vosmera, quickly realised they’d been hacked:
I have been hacked on Snapchat just so everyone knows. I am not intentionally sending everyone a weight loss ad
Others reported receiving the spam from newly added Snapchat “friends”:
Someone added me on Snapchat and sent me this.... think they're trying to tell me to lose weight
Snapchat denied any kind of system breach, telling the BBC that compromised user accounts were a result of login credentials being found elsewhere on the web.
We have seen evidence that hackers who have access to a trove of credentials leaked from other websites have started using them to gain access to Snapchat accounts. In many instances, our defences have notified the user that their account has been compromised. We recommend using a unique and complex password to access your Snapchat account.
Where did the stolen credentials come from? It could be from a number of sources, considering the many high-profile breaches we’ve seen in the last year, including Adobe, Yahoo, Cupid Media and others.
It’s a reminder of just how important it is to make each password unique for every online account. Otherwise, if someone steals your login credentials for one site, they’ll have access to them all.
As Snapchat advises, the passwords should each be unique and complex. To repeat the advice of Naked Security’s Paul Ducklin from a recent article about passwords:
- Stick to the rule: “one account, one password.”
- If you can only remember one strong password, try a password manager.
- Change your passwords promptly if a crook might have got hold of them.
- Use two-factor authentication (2FA) if you can.
Snapchat says it has emailed many of the compromised users to let them know their account has been hacked.
As an extension to “If you can only remember one strong password, try a password manager.”, I use a different model. I have one password base, and then I tack on a special string that’s unique to each web site.
So, the passwords are all unique, but they’re also easier to remember. The base changes if I reset passwords, but the extension for each site stays the same.
Still, I think for normal folk who aren’t OCD (like me), a password manager is the way to go.