Nancy Blair and Brett Molina

USA TODAY

Snapchat said it had implemented safeguards making an exploit %22more difficult%22

Syrian Electronic Army took credit for hacking Skype

Phone numbers are valuable to criminals in social-engineering attacks

SAN FRANCISCO — Several million Snapchat usernames and phone numbers were apparently leaked online late Tuesday night.

Several outlets including The Verge reported that 4.6 million usernames and phone numbers were posted as a downloadable database by so-far anonymous hackers. The site where the database was posted appeared to be down on Wednesday morning.

Snapchat warned of this potential scenario days prior in a blog post, saying a security group had alerted it about a potential vulnerability "by which one could compile a database of Snapchat usernames and phone numbers."

Snapchat is a popular messaging app that lets users send each other photos that quickly disappear.

In its blog post of Dec. 27, Snapchat described how its Find Friends feature allows users to upload their contact lists to Snapchat as a way of linking up friends.

The company said it had implemented safeguards making an exploit "more difficult to do."

Meanwhile, it wasn't the only popular tech service having a difficult start to the new year. The official blog and social network accounts for Microsoft's Web calling service Skype appear to have been breached.

A post published Wednesday on the official Skype blog featured the headline, "Hacked by Syrian Electronic Army.. Stop Spying!"

A pair of tweets attributed to the SEA were posted on Skype's official Twitter account. "Stop Spying on People! via Syrian Electronic Army," reads a portion of one of the tweets. And Skype's Facebook page hosted the message: "Don't use Microsoft emails (hotmail,outlook), They are monitoring your accounts and selling it to the governments," with the hashtag "#SEA."

The message on Facebook has been deleted, while the company's blogs redirect visitors to the Skype home page.

Snapchat did not respond to immediate requests for comment.

Through its Twitter account, Skype said: "You may have noticed our social media properties were targeted today. No user info was compromised. We're sorry for the inconvenience."

The breaches are the latest in what has become a growing problem for Web services, retailers and consumers. Last month, Target reported the theft of some 40 million credit and debit cards used in its stores from Black Friday through Dec. 15.

Any website with a large following is ripe for cyberthieves as they rely more on data and glean more customer information, says Siobhan MacDermott, a leading cybersecurity consultant.

"Snapchat is running and growing at the speed of sound, on a skeleton team, trying to make a big splash in the social market, so it's unlikely it's paid much attention to security," says Steve Wilson, principal analyst at Constellation Research.

Phone numbers are important data for establishing identity at call centers, so they're valuable to criminals in social-engineering attacks, Wilson says. A criminal with several data sets can use phone numbers to correlate user names to real names and other records, making it easier to assume real-world identities at banks, government agencies, employers and elsewhere.

Zack Fasel of consulting firm Urbane Security says the information found in this database could be used to target users through "malicious e-mails or 'phishing' text messages claiming to be from Snapchat."





Contributing: Jon Swartz