Snapchat Hacked with 4.6M Usernames and Phone Numbers Leaked Online
The database of messaging application Snapchat has been hacked and account information of 4.6 million users has temporarily been posted online by hackers.
The hacker, known as "Lightcontact", first posted the account information on Reddit and on a website called SnapchatDB.info, which was later taken offline.
While the information was posted online, the hacker did censor the final two digits of users' phone numbers and their second names.
In a statement to technology blog TechCruch, SnapchatDB said it got the information through a recently identified and patched Snapchat exploit.
"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed," SnapchatDB said.
"It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.
"Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn't want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness."
Early Warnings
Snapchat is a multi-platform application offering privacy in sending pictures between phones. The app became popular with its feature allowing people to share pictures that will be deleted automatically after being viewed.
Those running Snapchat was warned last year about the potential for hacking by Australian internet security group Gibson Security. The firm claimed that it could obtain 10,000 phone numbers of Snapchat users "in approximately 7 minutes on a gigabit line on a virtual server".
Snapchat later admitted the flaws in the application, adding that it has added more security features.
"Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way," Snapchat said in a blogpost.
Various safeguards
"Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse."
SnapchatDB noted that the measures were not strong enough to prevent hacking.
"Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent," it said.
Gibson Security denied any role in the hack.
"We know nothing about SnapchatDB, but it was a matter of time till something like that happened. Also the exploit works still with minor fixes," it tweeted.
© Copyright IBTimes 2024. All rights reserved.