Hack-Smarter-Not-Harder Trend Is What Hit Snapchat

Hackers are taking advantage of lax password habits and third-party software to steal information from Snapchat and Dropbox.
Posted at 1:09 PM, Oct 15, 2014

A pair of high-profile hacks in recent days have something in common:

"The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox."

And Snapchat users "were victimized by their use of third-party apps to send and receive Snaps" when that service got hacked last week.

These data and password leaks came from third parties. Business Insider says the trend these days is to hack smarter, not harder.

"Hackers don't need to try and target the tech giants anymore. Why bother trying to hack into Google, Apple or Facebook's servers when you can simply take advantage of a poorly built website to get the same information?"

Take passwords. A service can have flawless security, but it's only going to be as good as its weakest link — and the more someone reuses a password, the higher its chances of being the weakest link. So that part of the security puzzle is on users.

But at least some of the responsibility is still on service providers. In Snapchat's case specifically, experts say the company needs to better secure its API — the tool developers can use to create third-party apps for the service.

Snapchat doesn't offer an official API. A developer who talked to The Verge says the unofficial version is inherently risky. "When something isn't first-party, you have no guarantee that the code you can't see isn't doing something malicious."

Case in point: Snapsaved, the third-party app using that unofficial API. Snapsaved was ultimately responsible for leaking the images in the Snapchat hack.

In a post on Facebook over the weekend, the company said a misconfigured server let hackers steal its database. Fast Company reports Snapsaved has since shut down, though it's not clear whether that's permanent.

Dropbox and Snapchat, in the meantime, are reminding their users to be careful: enable two-step authentication on their Dropbox accounts if it isn't already enabled, and use only Snapchat's official app to do their Snapchatting.

Now is also as good a time as any — and maybe a better time than most — to change your passwords.