
Summary:

4.6 million usernames and phone numbers have been scraped from Snapchat’s database and dumped online.

Evan Spiegel (left) and Bobby Murphy, the co-founders of the Snapchat app, at the company's offices.

Three days ago, ephemeral communication app Snapchat released a statement on its website responding to a group of security professionals at Gibson Security who posted what they claimed to be numerous exploits of the app’s API. The hot startup waved those claims away in the post:

Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do.

But apparently those safeguards weren’t secure enough, as a team of hackers posted 4.6 million usernames and phone numbers of Snapchat users as a downloadable database just before midnight on Tuesday.

Right now, the database is censored, blurring the last two digits of each user’s phone number. But the hackers, who are currently anonymous, hinted that they might be willing to turn over the raw data to the right party.

“The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it,” the website says.

That’s an inauspicious start to 2014 for one of 2013’s hottest apps.
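The bulk lookup that Snapchat's statement describes leaves a recognizable trace on the server side: one account submitting many phone numbers that sit next to each other, where a real address book is small and sparse. The sketch below is an added example of detecting that pattern, not code from Snapchat or Gibson Security; the log shape, account names and both thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample: (account, phone numbers sent in one contact-lookup request).
# The log shape and account names are assumptions made for this illustration.
SAMPLE_EVENTS = (
    [("alice", ["2125550143", "4155550199", "3105550112"]),
     ("alice", ["6465550178", "2025550165"])]
    # "sweeper" walks a contiguous block of 500 numbers, 50 per request.
    + [("sweeper", [f"212555{n:04d}" for n in range(start, start + 50)])
       for start in range(0, 500, 50)]
)

def adjacency_ratio(numbers):
    """Share of looked-up numbers whose successor (n + 1) was also looked up."""
    values = {int(n) for n in numbers}
    if not values:
        return 0.0
    return sum(1 for v in values if v + 1 in values) / len(values)

def flag_enumeration(events, min_numbers=200, min_adjacency=0.8):
    """Return {account: (distinct_count, adjacency)} for accounts whose
    lookups are both large and mostly contiguous. Thresholds are assumed
    defaults and would need tuning against real traffic."""
    seen = defaultdict(set)
    for account, numbers in events:
        seen[account].update(numbers)
    flagged = {}
    for account, numbers in seen.items():
        ratio = adjacency_ratio(numbers)
        if len(numbers) >= min_numbers and ratio >= min_adjacency:
            flagged[account] = (len(numbers), round(ratio, 3))
    return flagged

if __name__ == "__main__":
    for account, (count, ratio) in flag_enumeration(SAMPLE_EVENTS).items():
        print(f"{account}: {count} distinct numbers, adjacency {ratio}")
```

Volume alone would also flag users with large address books; requiring contiguity as well separates a sweep of a number range from an ordinary contact upload.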

  1. Sandeep Singh Thukral Wednesday, January 1, 2014

    Well, the list can no longer be downloaded

    1. False, there are many mirrored links such as http://evilrouters.net/schat.csv.bz2

  2. Quick way to check if your account was hacked: http://findmysnap.com/

  3. Reblogged this on THE TRUTH UNTAINTED and commented:
    Technology will never be infallible.

  4. This is unfortunate because I’m a huge fan of SnapChat and other privacy-based sites such as Ravetree and DuckDuckGo. Hopefully they can get this sorted out. It would be a MUCH bigger deal if Google gets hacked because of all the personal information they collect about its users (including your browsing history information).

  5. This is not so much a hack, but built in to the basic design of SnapChat and every other app that asks you to upload your phone number so that everyone who knows your phone number can find you. Obviously, if you can map a phone number to a username, you can build the reverse map simply by looking up every phone number. In this day and age, every directory is eventually bi-directional.
