Snapchat Case Summary

1646 Words4 Pages

Highly Publicized data breach in 2016: Phishing attack that resulted in Snapchat Employee Data Compromise.
Snapchat is a photo-video messaging app that gives users the opportunity to record videos, snap photos, add texts as well as drawing and send it to their friends and followers. (Betters, 2015).
The Incident
Snap Inc. formerly Snapchat Inc. was a victim of a phishing attack in the early months 2016, precisely February, 2016. On Sunday, 28th February, 2016, the company released statements on their blog posts apologizing to the snapchat employees about a phishing attack that left one of the employee of the company to inadvertently release payroll information of some of the present and past employees of the company.
According …show more content…

The organization, through its blog post stated that it was sorting things out with the present and past employees affected by the scam by offering them free identity-theft insurance and monitoring for two years. The naivety of one of the employees has cost the organization a huge sum of money and also, brought the organization’s name into disrepute, because a lot of security conscious people might be conscious of having their information on Snapchat after the incident.
Major Vulnerabilities Disclosed in 2016
A critical MySQL Zero-Day Vulnerability of CVE-2016-6662 was discovered by a Researcher known as Dawid Golunski.

On the 12th of September, 2016, an independent Researcher at http://legalhackers.com known as Dawid Golunski released a research that shows several critical vulnerabilities with CVEID of CVE-2016-6662 in MySQL Database.
MySQL is a free and open source database that is adjudged to be the most popular databases because of its simplicity, robustness, delivery of high performance and scalable database applications. Startup companies, fastest growing companies as well as well as largest companies in the world all make use of MySQL databases, (Golunsky, …show more content…

But as a form of temporary mitigation, the researcher suggested that users should endeavor to be certain that all MySQL users should NOT own any of the MySQL config files. He also implore the users of the database to create root-owned my.conf configuration files that are not in use. (Golunsky, 2016). On the 29th July, 2016, the vulnerability was reported to Oracle Corporation as well as MariaDB and PerconaDB that were also affected and by 30th August, 2016, MariaDB and PerconaDB and the database clones’ developer swiftly went on to develop the patches but somehow the patches got into public repositories and also fixed security which could notify attackers were also mentioned.
Unfortunately, the vendor, despite being in communication with the researcher via email, silently released the patches on the vulnerabilities without due notification to the researcher. The patches for the versions 5.7, 5.6 and 5.5 zero day vulnerabilities could be found on https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html, https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html, https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html

More about Snapchat Case Summary

Open Document