On January 1, 2014, news broke of another successful unauthorized intrusion by malicious parties into an area of a prominent online service, this time Snapchat, assumed to be secure. The intruders are said to have made off with personal account information on 4.6 million users.
With this successful exploit, it’s safe to say the volume and severity of malicious attacks on websites offering Software as a Service (SaaS) have reached a critical mass. When a majority of SaaS consumers can be assumed to be familiar with the details of this unfortunate event, will it make sense to start planning for lower levels of demand for these services?
As Doug Gross wrote in an article published on CNN.com titled Millions of accounts compromised in Snapchat hack (http://edition.cnn.com/2014/01/01/tech/social-media/snapchat-hack/index.html), “The hack was seemingly intended to urge Snapchat to tighten its security measures.” (quoted from Mr. Gross’ article, a link to which has been provided above).
If this assumption proves true, then the impact of this event may be even greater. Snapchat (http://www.snapchat.com) markets itself as a cutting-edge service for consumers in need of a secure venue for sensitive online chats. The big benefit of their service (I’ve not tried it myself) is Snapchat’s purported ability to completely remove any trace of these chats once they’ve been concluded. The consumers of this service are an especially promising cut of online users from the perspective of investment analysts. They all use the service on mobile devices.
The people behind this malicious attack, whether driven by a benign motivation to prompt Snapchat to tighten up on its security features, or not, have now demonstrated the actual lack of security implicit to a SaaS offer targeted to online consumers looking for an advanced method of engaging in highly secure communications with one another. If Snapchat can’t be trusted to be secure, where are we?
As long as online communications are all routed along only one protocol, Ethernet, and an ASCII text application, HTML, is the obligatory application method, the volume and severity of these attacks will likely continue to escalate. The honeypot has become too irresistible for attackers to ignore.
Ira Michael Blonder (https://plus.google.com/108970003169613491972/posts?tab=XX?rel=author)
© IMB Enterprises, Inc. & Ira Michael Blonder, 2013 All Rights Reserved