Here is a good and simple way to tell if a website is actually encrypting your password and protecting you. If you use the site's password recovery tool and they send you an e-mail that contains your original password, that means they are not encrypting user data and are putting you at risk. Websites should send you a temporary password and force you to set a new one. If the passwords are encrypted, they should have no way of knowing what your password is.
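To make that concrete, here is a small sketch of what the site's side can look like. It is an added example, not code from any site mentioned in this post. It stores only a salted one-way hash and uses a single-use, expiring reset token in place of the temporary password mentioned above. All function names, the in-memory stores and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stores standing in for a real database.
USERS = {}          # email -> {"salt": bytes, "hash": bytes}
RESET_TOKENS = {}   # sha256(token) -> (email, expiry timestamp)

ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def _derive(password, salt):
    # One-way and deliberately slow: the stored value cannot be turned
    # back into the password, so there is nothing to e-mail to the user.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(email, password):
    salt = secrets.token_bytes(16)  # unique per user
    USERS[email] = {"salt": salt, "hash": _derive(password, salt)}


def check_password(email, password):
    rec = USERS.get(email)
    if rec is None:
        return False
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(rec["hash"], _derive(password, rec["salt"]))


def start_recovery(email, ttl=900):
    """Return the one-time token to e-mail, or None for unknown accounts.
    The web page should show the same message in both cases."""
    if email not in USERS:
        return None
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (email, time.time() + ttl)  # store only the digest
    return token


def finish_recovery(token, new_password):
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)  # pop makes the token single-use
    if entry is None or entry[1] < time.time():
        return False
    register(entry[0], new_password)  # user is forced to choose a new password
    return True
```
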
Anyway, here is the Snapchat story. What makes this one really bad is that they knew it was going to happen.
Gibson Security, the Australian security researchers who uncovered the vulnerability and published it months before the hack, likened Snapchat’s approach to security to a restaurant which spent “millions on decoration, but barely anything on cleanliness.”
The site, which offers a service where users send pictures which are visible for only a few seconds, had previously ignored warnings from Gibson Security claiming they were ‘theoretical’, according to The Register’s report. The Register described Snapchat’s post as a “red rag to a bull”.
Gibson said in a blog post that the vulnerability arises from the Find Friends feature – and claimed that the service had not acted on a previous post, dating from August, which detailed vulnerabilities in the site’s Android app. The researchers – who describe themselves as ‘poor students’ – now offer a page which allows users to check if their number is among those leaked.