Snapchat Breach Leads RoundupHackers Download 4.6 Million Usernames, Phone Numbers
In this week's breach roundup, hackers claim to have downloaded usernames and phone numbers for as many as 4.6 million users of the Snapchat photo messaging application. Also, the Colorado Department of Health Care Policy and Financing is notifying certain clients that their protected health information was potentially compromised.
Snapchat Hack Affects 4.6 Million
A group of hackers using the name SnapchatDB claim to have compromised the usernames and phone numbers of as many as 4.6 million users of Snapchat, a photo messaging application, according to news reports.
SnapchatDB says it downloaded the information using an exploit in Snapchat and then posted it to a website called SnapchatDB.info, according to the Washington Post. The site has since been suspended.
The breach follows news of a report posted on Dec. 25 from a security group called Gibson Security that highlighted a Snapchat vulnerability that could enable an attack involving compiling a database of Snapchat usernames and phone numbers.
Snapchat made reference to this report on Dec. 27 in a blog it issued on its website, stating that it is, indeed, possible for someone to compile such a database.
"Over the past year we've implemented various safeguards to make it more difficult to do," Snapchat said in the blog. "We recently added additional counter-measures and continue to make improvements to combat spam and abuse."
"Even now the exploit persists," SnapchatDB said in a statement obtained by the Washington Post. "It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent."
Users concerned as to whether their information was compromised can use a look-up tool that Gibson Security has created.
Snapchat did not immediately respond to a request for comment.
Colo. Medicaid Agency Warns of Breach
The Colorado Department of Health Care Policy and Financing is notifying more than 1,900 clients that their protected health information was potentially compromised after a temporary employee of a contractor, the Colorado Community Health Alliance, sent client information to a personal e-mail address.
The department administers the state's Medicaid and Child Health Plan programs.
The client information may have been sent for the employee's personal use in a separate business, according to a statement posted to the state department's website.
The contractor notified the department about the incident on Nov. 22 and took immediate steps to terminate the employee, the statement said.
Compromised information includes names, dates of birth, Medicaid identification numbers, addresses, telephone numbers and health conditions, according to the department.
City Clerk E-Mailed Herself City Data
The city of Sumner, Wash., has fired a temporary employee after she e-mailed herself city forms containing sensitive information.
A city spokeswoman told local media outlet The News Tribune that the employee sent information about 3,600 individuals to her personal e-mail address.
Compromised information included names, addresses and dates of birth, according to a statement posted to the city of Sumner's website. A complete analysis of the former employee's hard drive, however, confirms that the breach was caught before she opened the information outside the city system, the statement notes.
Gaming Sites Hit by DDoS
A hacktivist group calling itself Derp conducted a series of distributed-denial-of-service attacks against several popular online games, including League of Legends, Battlenet, Dota 2, Quake Live, and Club Penguin, according to the BBC.
The attacks were partly aimed at U.S. professional gamer James Varga. Throughout the course of the attacks, the hackers kept targeting games that Varga was playing, the report said.
As a result of the attacks, Varga's personal information was posted online, which led to someone placing a prank call to Varga's local police department claiming hostages were being held at his home, the BBC report said. This led to armed police responding to the call and Varga being arrested and later released.