According to multiple reports, over 4.5 million SnapChat usernames and phone numbers have been hacked and leaked online, with the hackers posting the information on a website for all to see.
The website, called SnapChatDB.info, has been suspended after the database was made freely available to download as either a CSV file or a SQL dump.
“You are downloading 4.6 million users’ phone number information, along with their usernames. People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”
The hack affects almost 4.6 million users
The leak includes both usernames and phone numbers
SnapChat was made aware of the exploit over a week ago
Those responsible for the hack gained access to the information using a recently published API exploit.
“Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on SnapChat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does… Our main goal is to raise public awareness on how reckless many Internet companies are with user information. It is a secondary goal for them, and that should not be the case.”
– SnapChatDB in a written statement
The exploit was originally pointed out by Australia-based Gibson Security, which published its findings last week. The hackers behind SnapChatDB used a ‘modified version’ of the exploit. SnapChat addressed the original exploit last Friday in a short blog post, saying:
“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse…”
SnapChatDB says it was forced to take action because of SnapChat’s reluctance to take “the necessary steps to secure user data”. Gibson Security has made it clear that it had no hand in the hack.
“As much as we were hoping that it wouldn’t come about, we felt that something like this was inevitable — SnapChat may have invoked it with their recent blog post about how they had fixed the exploit and that the entire thing was a nonissue.”
– Gibson Security
SnapChat did not respond to a request for comment.