What happened
Illinois Man Charged for Snapchat Account Phishing details that U.S. prosecutors charged 26-year-old Kyle Svara in connection with a phishing operation that allowed him to hack nearly 600 Snapchat accounts belonging to women to steal private photos and sell them online. Between May 2020 and February 2021, Svara used social engineering to obtain emails, phone numbers, and usernames and then texted over 4,500 targets posing as Snap representatives to obtain access codes, ultimately harvesting credentials for about 570 victims and accessing at least 59 accounts without permission. He then advertised his services on platforms including Reddit, and one client, former coach Steve Waithe, was previously sentenced for sextortion and related crimes.Â
Who is affected
Victims include nearly 600 Snapchat account holders whose accounts were compromised through phishing and social engineering, along with broader platform trust concerns.Â
Why CISOs should care
This case underscores the ongoing threat of social engineering and phishing to consumer accounts, reputation risk for platforms, and the need for strong identity protection to prevent credential compromise and misuse.Â
3 practical actions
- Strengthen user education: Promote awareness of phishing tactics and verification before sharing authentication codes.
- Monitor unusual access: Detect and respond to repeated access code requests or atypical login behavior.
- Enhance platform safeguards: Implement additional safeguards to limit credential abuse and unauthorized account access.