Man Tricks Hundreds of Women into Snapchat Code Handover

Kyle Svara, a 27-year-old from Oswego, Illinois, pleaded guilty in federal court in Boston to charges including aggravated identity theft, wire fraud, computer fraud, conspiracy, and making false statements. Between May 2020 and February 2021, he targeted nearly 600 women across the US, tricking 571 into handing over Snapchat's six-digit security codes, which led to confirmed unauthorized access to at least 59 accounts.

Svara didn't breach Snapchat's systems technically. Instead, he used social engineering: collecting phone numbers and emails, triggering legitimate login attempts to send codes to victims' devices, then posing as Snapchat support via over 4,500 anonymous VoIP messages. Victims shared codes to 'verify' or 'secure' their accounts, granting immediate access without passwords.

Svara's focus was Snapchat's 'My Eyes Only' feature, protected by a secondary four-digit PIN for sensitive content like private photos. By coaxing both the login code and PIN, he bypassed dual security layers, downloading nude images and other material. He didn't keep it privatehe advertised 'hacker-for-hire' services on Reddit and forums, selling or trading access and content for money.

Prosecutors noted Svara lied to investigators about some hacks, contradicted by evidence. This case highlights how phishing exploits human trust over technical vulnerabilities, treating codes as protected credentials equivalent to keys.

This incident underscores women's ongoing privacy risks on social platforms, where intimate sharing meets sophisticated scams. Snapchat's encryption held, but multi-factor authentication (MFA) codes proved phishable, affecting real livesvictims lost control over personal images, facing distribution and emotional harm. It matters because one person's deception scaled to hundreds, eroding trust in apps millions use daily for ephemeral communication.

Imagine Sarah, a college student, gets a Snapchat login alert on her phone while studying. Seconds later, a text from 'Snapchat Support' asks for her code to 'resolve an issue.' Panicked about losing streaks or memories, she shares it quickly. The attacker logs in, accesses her 'My Eyes Only' folder with a guessed or phished PIN, and extracts photosnow sold online, haunting her job search years later. This mirrors Svara's tactics, showing how urgency bypasses caution.

Snapchat blocks unrecognized logins requiring verification and never requests codes via email or text. Users should change passwords immediately upon suspicious alerts, enable two-factor authentication, and verify linked emails/phones. Check app settings for sessions and ignore urgent demands.

• Never share login codes, even brieflythey're digital keys.
• Use strong, unique passwords and recovery options.
• Report via Snapchat: Settings > 'I Need Help' > 'My Account & Security.'

Snapchat supports passkeys, device-bound cryptographic alternatives to passwords and MFA codes, unphishable since they can't be relayed. Adopting them strengthens defenses against such attacks.

As phishing evolves, platforms like Snapchat may prioritize passkeys and AI-driven anomaly detection to flag timed support impersonations. Federal charges signal harsher penalties for social engineering, deterring hackers-for-hire. Users must cultivate skepticismslowing down could prevent breaches. Expect broader education on code risks and regulatory pushes for phishing-resistant auth, safeguarding the next wave of social media users from privacy invasions.

For the victims, justice arrived late, but their stories remind us: behind every hacked account is a person whose trust was weaponized. Strengthening habits now protects tomorrow's digital lives.