Snapchat users have bombarded with repeated, unexpected two-factor authentication (2FA) text messages this week, but it’s unclear whether the cause is due to a glitch on Snapchat’s end, or due to hackers attempting to break into unsecured Snapchat accounts en masse. Either way, it’s not a bad idea to update your Snapchat password right away.
As of this writing, Snapchat has yet to comment on the issue. I’m purely speculating, but it seems likely we would’ve heard from the company by now if the alerts were triggered by some sort of random, widespread system glitch.
Some have proposed this could indicate malicious actors have launched a large-scale 2FA phishing attempt, but based on the screenshots users have shared on Twitter and other social media sites, I’m not so sure about that explanation either.
The texts shared online read like official 2FA codes sent from Snapchat, which would be unusual for a 2FA phishing scam. A common 2FA phishing tactic is to ask the user to “confirm” their 2FA codes and other account info over text or email, which isn’t how 2FA sign-ins work on Snapchat or anywhere else. (No company will ever ask you for your account info.) Other 2FA scam messages may include a link to a spoofed login page that looks the real thing but actually harvests your login criteria.
None of the random 2FA Snapchat texts I’ve seen shared to social media include these red flags, which casts some doubts on the phishing scam theory. Still, that doesn’t mean this wasn’t an attempted hack of some kind.
Snapchat sends 2FA codes whenever someone signs in on a new device, so the messages could be evidence of attempted logins from outsiders. If this isn’t a glitch, they could be an indication someone out there got their hands on a list of Snapchat usernames and passwords, since 2FA codes are only sent after you input the correct login information. It could also mean that accounts that did not have 2FA enabled are already compromised — again, assuming this was a hack.
Whatever the cause, this 2FA issue is the perfect excuse to give your Snapchat account a security checkup. Users should change their password and double-check their accounts are safe using HaveIBeenPwned. And if you aren’t already using 2FA on Snapchat (and, frankly, for all of your other social and email accounts), it’s a good idea to enable it as soon as possible.