Chaos Communications Congress 2014

Skype has once again found itself on the front lines of cybersecurity this week after the notorious Syrian Electronic Army hacked into its social media profiles and published a tweet discouraging people from using Microsoft-owned services. The instant messaging giant quickly regained control of the accounts and released a statement saying that no other systems have been compromised.

But while Skype subscribers have breathed a sigh of relief, Snapchat users are still scrambling to change their usernames after an anonymous hacker group managed to download the company’s full database of personal information by exploiting an API flaw discovered by Gibson Security. A total of 4.6 million Snapchat users were compromised, and their partial records have been uploaded to a website called Snapchat.db. The perpetrators claim that their goal was to raise public awareness of the vulnerability, which they say was left unpatched despite the fact that Snapchat had apparently known about it since August.

“Snapchat was reluctant to taking the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale,” the hackers said.

Snapchat is not the only one with a privacy problem. In a recent keynote at the annual Chaos Communications Congress, security researcher Jacob Appelbaum revealed that iOS is vulnerable to government eavesdropping. He went as far as accusing Apple of being “complicit in the development of ‘DROPOUTJEEP,'” the software used by the spy agency’s elite TAO unit to intercept SMS messages, access local data stores, listen in on conversations and track targets’ physical location.