Snapchat users have been bombarded with repeated, unexpected two-factor authentication (2FA) text messages this week, but it’s unclear whether the cause was a breakdown on Snapchat or hackers trying en masse into unsecured Snapchat accounts to penetrate. Either way, updating your Snapchat password right away is not a bad idea.

As of this writing, Snapchat has not yet commented on the issue. I’m just speculating, but it seems likely that if the warnings were triggered by some sort of random, widespread system error, we would have heard of the company by now.

Some have suggested that this could indicate that malicious actors are on a large scale 2FA phishing attempt, but based on the screenshots users shared on Twitter and other social media sites, I’m not so sure about that explanation either.

The texts shared online read like official 2FA codes sent by Snapchat, which would be unusual for a 2FA phishing scam. A common 2FA phishing tactic is asking the user to “verify” their 2FA codes and other account information via SMS or email, which doesn’t work like 2FA logins on Snapchat or anywhere else. (No company will ever ask you for your account information.) Other 2FA scam messages may include a link to a fake login page that looks real but actually captures your login criteria.

None of the random 2FA Snapchat texts I’ve seen on social media contain these warning labels, which raises some doubts about the phishing scam theory. However, that doesn’t mean this wasn’t an attempted hack.

G / O Media can receive a commission

Snapchat sends 2FA codes when someone signs up on a new device, so the messages could be evidence of outside attempts to sign in. If this isn’t a bug, it could be an indication that someone out there got their hands on a list of Snapchat usernames and passwords, as 2FA codes are only sent after you’ve entered the correct credentials. It could also mean accounts that didn’t have 2FA enabled are already compromised – again, suppose this was a hack.

Whatever the cause, this 2FA problem is the perfect excuse to security clear your Snapchat account. Users should change their password and verify that their accounts are secure HaveIBeenPwned. And if you aren’t already using 2FA on Snapchat (and frankly all of your other social and email accounts), doing so is a good idea activate it asap.

[PiunikaWeb]