Snapchat hack affects 4.6 million users

The usernames and phone numbers for 4.6 million Snapchat accounts have been downloaded by hackers, who temporarily posted the data online.

A website called SnapchatDB released the data but censored the last two digits of the phone numbers.

It has since been taken offline but a cached version is still available.

The hack comes days after an Australian firm, Gibson Security, warned of vulnerabilities in Snapchat's app which it said could be exploited by hackers.

Gibson Security said it was not involved in the hack: "We know nothing about SnapchatDB, but it was a matter of time till something like that happened," the firm tweeted.

The hackers behind the website that published the data said they had exploited the security flaw highlighted by Gibson Security.

"We used a modified version of gibsonsec's exploit/method," they were quoted as saying by tech blog, Tech Crunch.

Stronger safeguards?

Snapchat has grown in popularity as an app that allows people to share pictures, safe in the knowledge they delete themselves after being viewed.

Snapchat explained in 60 seconds

It has a feature called "Find Friends", which allows users to upload their address book contacts to help find friends who are also using the service.

In its report published on 25 December, Gibson Security warned that a vulnerability on the Snapchat app could be used to reveal the phone numbers of users.

The firm said it had first warned Snapchat about this four months ago, adding that "nothing had been really been improved upon".

Vulnerability

Gibson claimed that it had been able to crunch through ten thousand phone numbers of Snapchat users "in approximately 7 minutes on a gigabit line on a virtual server".

In response to the Gibson report, Snapchat acknowledged a potential vulnerability but said it had taken measures to protect user data.

"Their latest changes are still not too hard to circumvent" (SnapchatDB)

"Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way," it said in a blogpost last week.

"Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse."

However, the hackers behind SnapchatDB, the site that published the phone numbers, said the measures were not strong enough.

"Even now the exploit persists. It is still possible to scrape this data on a large scale," they claimed.

"Their latest changes are still not too hard to circumvent."

Article Source: http://www.bbc.co.uk/news/technology-25572661

The Biggest Concerns For All Businesses Using Facebook

One of the biggest concerns that I hear from small business owners when teaching them how to use Facebook is 'What about privacy'.

They're understandably concerned that if they start to market on Facebook, their customers will be able to find their personal profile page with pictures of their children, their wild nights out or their embarrassing hobbies.

As with all things in life, if you take the trouble to learn how to use Facebook properly, the solution to this problem is really simple.

 

Facebook does provide all the controls that you need to use to manage privacy matters fully, and I regularly publish family photos on Facebook, but I lock all my private posts down so that only the people I want to see my content are actually able to view it.

Safe Business Pages Step 1: Don't Use Your Personal Profile

The first step to separating business and personal on Facebook is to set everything up correctly.

That means using your personal profile for family and friends use and your business page for business use.

On a personal profile people have to use 'friend requests' ... you are the gate keeper, nobody can be admitted to your personal profile unless you give them permission.

When you post content on your personal profile, use 'Friends' (not 'Public') as your default post visibility option:

Use lists or 'Custom' to lock down content and don't allow people to 'Follow' you and adjust the privacy settings to be as open or private as you wish:

Safe Business Pages Step 2: Adjust Your Settings

On a business page, anybody can find and 'Like' a page, it is 'public facing' so clearly, you will not use this type of page to publish personal information.

You can still, however, lock down many settings on your business page and you should do so, to get it running the way that you want it:

Safe Business Pages Step 3: Sort Out Your Page Admins

I recommend that every page has at least one additional page admin 'just in case'.

If your personal profile was suspended for any reason, or even deleted in error, if you have a second trusted page admin, you can continue to operate your page whilst sorting out the problem with your own account.

The rule of thumb for giving somebody full admin access is 'would I trust this person with my credit card?'.

If not, don't make them an admin.

The Biggest Facebook Concern - Solved!

I've saved the best until last!

Most businesses worry that because their personal profile is connected to a business page the two are 'linked' in some way.

Well, that's certainly true, but they can be easily unlinked so that there is no connection between a personal profile and business page other than via you as the page admin.

To do this, first go to your business page settings:

Next navigate to the 'Featured' area:

Finally, either add or remove yourself as a featured page owner, as seen below:

In my own business, for reasons of transparency, I am happy to leave my personal profile connected to my business pages.

However, I only do this because my personal profile settings are completely locked down and you will not be able to find my Facebook images and posts in the public domain, so I have assured my privacy that way.

In addition, I only accept as friends people who I know personally, so once again, only people that I know get access to my personal info, and even then, I still protect many posts so that only family or individuals can view them. 

I recommend this approach as I personally feel that it is more transparent for a business, but if this personal/business connection really bothers you, this is how you sever the link.

By only ever posting as yourself or your business page, this way both entities can remain entirely separate.

LinkedIn Introduces New Blocking Feature

At the end of September, LinkedIn announced that they were to introduce a new feature which allows users to block certain individuals from viewing their LinkedIn page. This change has come after a number of people have complained to LinkedIn about people ‘stalking’ their LinkedIn profile, which they could do nothing about and could not prevent. LinkedIn have now acknowledged the need for a feature which allows users to block unwanted individuals from viewing their profile – a move which will hopefully reduce the stress and worry that some victims of online stalking feel from having their profile repetitively viewed by people they would rather not be in contact with.

www.techinews.org

Facebook and Twitter already have features which allow users to block individuals and have done so for quite some time. However, the principle of LinkedIn is that your professional profile is as easily discoverable as possible, aiding potential employers in finding your profile and getting work. Before the introduction of a blocking feature on LinkedIn the only way for users to avoid stalkers on the site was to increase privacy, which would counteract the whole concept of LinkedIn, and therefore hinder your chances of finding employment from the site. Furthermore, the potential problems which could arise from stalkers on LinkedIn is greater than on Facebook or Twitter as all the information which you post on your LinkedIn profile is true, and this makes the site uniquely worrying for the victims of LinkedIn stalking. In contrast, on Twitter or Facebook one could create an alias or omit some important information, such as the area where you live. On the other hand, on LinkedIn your workplace is publicly available to those who can view your profile – which means stalkers would have access to the area where you live or work and where you may relocate to.

The changes come partly as a result of certain petitions and groups who have called for a block feature to be introduced for a few years. Anna R. is one of these individuals, who has called for a block feature to be introduced following her own personal experience of sexual harassment in the work place and subsequent stalking from her ex-boss who would view her profile everyday. Anna commented on her petition page that “every day, LinkedIn members are being stalked and threatened. Without a blocking feature, like ones available on other social media sites, these stalkers are able to see where their "prey" works, in which city they work, when they change jobs, when they move, etc. When being stalked and living in fear, it is easy to see how scary this situation can be. Adding a blocking feature is important for the millions of LinkedIn users around the world who are being stalked yet have no control to stop it”.

The petition which Anna started on Change.org to ask LinkedIn to improve its privacy settings has been signed by over 8,500 people, including many other victims of LinkedIn stalking, who have also shared their stories online. The petition is partly responsible for the response from Paul Rockwell, head of Trust and Safety at LinkedIn, which featured on the help section of the LinkedIn website on the 20th August. He commented that “I'd like to start by acknowledging the ongoing demand for a block feature, and I can confirm that we’re in the process of building one. We've heard you, and we both recognize and appreciate the need for privacy controls in this digital age, which is why we remain committed to placing the controls in your hands”.

Stalking by individuals who repetitively view your online profile is not the only problem that LinkedIn has found which threatens its reputation as a professional network. There have also been many cases of people receiving inappropriate messages from strangers via their LinkedIn messaging service commenting on a person’s personal appearance and not relating to work or professional aspects of the site at all. This has even led to the creation of certain blogs and websites to share particular messages which these so-called ‘social creeps’ have sent online.

What do you think?

Do you think that it is right for LinkedIn to introduce a blocking feature?