
Snapchat hacked: 4.6 million usernames and phone numbers lifted


Three days ago, ephemeral communication app Snapchat released a statement on its website responding to a group of security professionals at Gibson Security who posted what they claimed to be numerous exploits of the app’s API. The hot startup waved those claims away in the post:

Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do.

But apparently those safeguards weren’t secure enough, as a team of hackers posted 4.6 million usernames and phone numbers of Snapchat users as a downloadable database just before midnight on Tuesday.

Right now, the database is censored, blurring the last two digits of each user’s phone number. But the hackers, who are currently anonymous, hinted that they might be willing to turn over the raw data to the right party.

“The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it,” the website says.

That’s an inauspicious start to 2014 for one of 2013’s hottest apps.

6 Responses to “Snapchat hacked: 4.6 million usernames and phone numbers lifted”

  1. This is not so much a hack, but built in to the basic design of SnapChat and every other app that asks you to upload your phone number so that everyone who knows your phone number can find you. Obviously, if you can map a phone number to a username, you can build the reverse map simply by looking up every phone number. In this day and age, every directory is eventually bi-directional.

  2. This is unfortunate because I’m a huge fan of SnapChat and other privacy-based sites such as Ravetree and DuckDuckGo. Hopefully they can get this sorted out. It would be a MUCH bigger deal if Google gets hacked because of all the personal information they collect about their users (including your browsing history information).