![]() They used a hardcoded shared secret key, which was a simple string constant in the app. Their measures included some basic SSL and token hashing. But it was not at a level that serious security professionals would recommend for such a high profile service. Snapchat did implement some basic security. They used the API to look up 4.6 million phone numbers and usernames. As a result, hackers compromised Snapchat API security. Snapchat apparently did not heed this warning. In August, the computer security research firm Gibson Security warned Snapchat about API vulnerabilities that exposed them to the threat of a hack. The frightening disregard for security can come back to haunt these companies - just like Snapchat found out. Unfortunately, this happens all too often in the race of being the first to provide innovative functionality and, yes, often attractive eye-popping valuations. But the incident reveals the risks when API providers are lax about addressing core security and governance issues. The Snapchat API hack happened because of lax security measures. If enterprises do not take the appropriate steps for API security -and lay down well-defined processes surrounding API development - their data is at risk. While APIs are making access to data easier, they also make it extremely easy for people to come after your data. ![]() And there's a lot to learn from this API attack. The Snapchat API hack made headlines in 2014.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |