Popular social sharing app Snapchat has been hacked, and the account info for 4.6 million users has been released online. Usernames and partial phone numbers were available for download on a website set up by the hackers.
The phone numbers and account information were posted to SnapchatDB.info. The site was suspended by late Wednesday morning, but not before the data could be leaked. So far it appears only partial phone numbers were leaked, but it’s not clear if more information could have been gleaned.
The hackers’ apparent goal was to show how easily Snapchat accounts can be compromised and to urge the company to tighten its security. A recent update to the Snapchat app created a security hole that was easily exploitable. The hackers released the users’ information but left the final 2 digits of the phone numbers blurred out. However, they’ve indicated the full numbers could still be released.
The hackers remain anonymous, but they’ve released this statement to TechCrunch:
Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.
We used a modified version of gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to take the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.
We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness.
Snapchat hasn’t released a statement at this time.
If you’d like to find out if you’re one of the 4.6 million people whose information was released, Gibson Securities has made an easy utility to look it up here. There isn’t much other recourse, unfortunately. But probably the worst thing you’ll experience is a couple extra spam texts.
So is this leak going to spell the end for Snapchat? Snap back in the comments!