Jan. 4, 2014, 8:16 a.m. EST
Why hackers want your phone number
Lessons from the data breach at Snapchat
l

Getty Images
Though most people wouldn’t give their phone number to a stranger on the
street, they’re happy to share their digits with Google
GOOG
-0.73%
, Facebook
FB
-0.28%
, and other sites. But as millions of young Snapchat users just learned, phone numbers are valuable information to hackers.
On Wednesday, Snapchat became the first company to have its data hacked
in 2014 when 4.6 million account usernames and partial phone numbers
were posted online as a warning to those using the photo messaging
service. “Our motivation behind the release was to raise the public
awareness around the issue, and also put public pressure on Snapchat to
get this exploit fixed,” the alleged hackers told tech site TheVerge.com
. A spokeswoman for Snapchat declined to comment, but the company released a blog post
saying it’s added counter-measures “to combat spam and abuse.”
Consumers should be wary about sharing their mobile numbers, security
experts say. “Phone numbers are unique identifiers that tend to last for
a long time,” says Michael Fertik, CEO at Reputation.com, a site that
helps consumers protect their privacy online. “You change your phone
number much less often than your IP address and probably even your home
address.” While Snapchat users have fake usernames, many people use the
same I.D. across a range of social networks, says Graham Cluley, a U.K.
security blogger and technology consultant. “Use a different user I.D.
than the one you use publicly on Facebook and Twitter,” he says. What’s
more, typing just a mobile number into Facebook will reveal the profiles
of the owner if he or she added it to their account information.
Why hackers want your cellphone number
If you wouldn't give your cellphone number to a stranger, why would you give it to a website? As Snapchat users found, there's money to be made from knowing your cellphone number, Quentin Fottrell reports. Photo: Getty Images.
Snapchat’s alleged data breach is also a misstep for a company founded
on the principle of preserving your online anonymity. Launched in
September 2011, social networkers can send “Snaps”—photos or videos—that
last between 1 and 10 seconds, depending on the time limit set by the
sender. The service—which reportedly spurned a $3 billion offer
from Facebook last November—has over 100 million users and shares 400
million snaps daily. “It’s embarrassing for Snapchat,” Cluley says, but
could be more embarrassing for its users. After all, photos can be saved
by recipients who “screen-grab” them in time. “These photos and mobile
numbers could potentially be used for cyber-bullying and blackmail,” he
says, especially if they’re connected to a real name.
Hackers can also fake a caller I.D. by using your number to sidestep a
security step, says Bo Holland, founder and CEO of AllClear ID, an
identity protection firm. Even without a real name, however, consumers
can be spammed with text messages—known as “smishing”—asking people to
click on links that contain malware—a virus that can retrieve data
stored there: photos, contact lists, emails and passwords. “Phone
numbers are a building block for hackers,” says Adam Levin, co-founder
of online security company Identity Theft 911. Some 37.3 million
Internet users faced phishing attacks in 2013, an 87% rise over the last
three years, according to a survey from online security company
Kaspersky Lab. “Smartphones are not just communication devices,” Levin
says. “They are data storage devices.”
Snapchat data breach exposes millions' account info
Snapchat suffered a very public leak of its users’ information. And there isn't much that users can do about it. Brian Fitzgerald reports. Photo: Getty Images.
So why do companies want your mobile number? “It’s is a necessary and
useful part of e-commerce,” Fertik says, “but you should not give it
without a specific reason.” For those waiting for a package or taking a
flight, for example, it helps to receive a text message about delays.
Plus, mobile numbers can be a useful two-factor authentication, says
e-commerce consultant Bryan Eisenberg. Step 1: input your username and
password to your email, social networking or bank account. Step 2:
receive a text message to validate any changes. This can also be done
with a secondary email address or Google Voice number that redirects
calls and texts to your cell; for that reason, Eisenberg has given his
mobile number to Google, but hasn't given it to Facebook. He doesn’t
have a Snapchat account
No comments:
Post a Comment