Phishing Attack Discovers 55,000 Snapchat Passwords

The usernames and passwords of 55,851 Snapchat accounts were posted on a phishing website in July 2017 after a coordinated attack.

A link was sent to users from a compromised account that opened a third-party website with a copy of the Snapchat login screen. Snap reset the majority of the accounts following discovery of the inital attack but thousands of password credentials were available on the public website. Users were notified by email that their passwords had been reset.

Snap discovered the compromise because a single device was logged into too many accounts so it was flagged as suspicious. A government official located in the United Kingdom reported the posting of the details of the successful phishing attack online to Snap.

Snap says it proactively blocks thousands of suspicious URLs per year through machine-learning but they “encourage Snapchatters to always use strong passwords, enable login Verification, and never use third-party apps or plugins.”

Read more about the attack on The Verge.