Snapchat isn’t having the best 2014: less than a week after a cyber-security collective revealed an exploit that could allow hackers to swipe users’ personal data from the messaging service, a couple hackers reportedly went right ahead and stole 4.6 million usernames and phone numbers, posting them as a downloadable database.
Before news of the hack leaked, Snapchat had pooh-poohed the idea of such a breach in a Dec. 27 blog posting. “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way,” the posting read. “Over the past year we’ve implemented various safeguards to make it more difficult to do.”
The hackers who stole the database also hacked off the last two digits of every phone number, although they dangled the possibility of releasing that missing information under specific circumstances: “Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.”
It’s easy to see why Snapchat’s become so popular: the idea of messages that vaporize within a few seconds of opening holds a lot of appeal to not only the excessively paranoid, but also anyone who simply wants to keep their online footprint to a minimum. But as several security experts are pointing out, the idea of “disappearing messages” was never a foolproof one.
“If you took a photo of your phone while the risky image was on screen, or took a screenshot, or dumped your phone’s graphics RAM, or used basic forensic data recovery techniques to retrieve the “deleted” files after viewing them, or fetched the image through a session-logging web proxy,” Phil Ducklin wrote in a Jan. 1 posting on the Naked Security Website, “then you’d quickly have realised that Snapchat’s promises of ‘disappearing images’ were fanciful.”
For those who no longer trust Snapchat, but want that same vaporizing-message functionality, some alternatives exist:
Facebook Poke: Facebook’s Snapchat competitor—produced before the social network’s failed attempt to buy the messaging service for a few billion dollars in 2013—allows iPhone users to send messages, photos, and video that disappear after 10 seconds. It includes some neat features, such as a little star symbol that appears if the recipient takes a screenshot of the poke.
Silent Circle: For those who use Snapchat to send work-related messages—there must be a few of you out there—Silent Circle offers a messaging app (for a subscription fee) that forces messages to self-destruct after a set period of time.
Clipchat: A Snapchat clone that allows users to send photos or videos that last for five seconds before deletion.
Squawk: Another messaging app that will erase texts after a certain period of time.
Wickr: Wickr features military-grade encryption (AES256, ECDH521, RSA4096, TLS), and the app-builders claim they don’t have the keys to decrypt; messages vaporize after a set time. The service also requires no personal information from the user, who could prove ideal for anyone still feeling burned from sharing their phone number with other services.
Happy messaging in the New Year! May your personal info remain unbreached.
Image: Silent Circle