 "Snapchat hack leaves data of 4.6 million users out in the open")
The new year has started on a rather sour note for Snapchat, the self-destructing messaging app that gained massive popularity in 2013. Usernames and phone numbers of over 4.6 million Snapchat accounts have found their way online after hackers managed to weasel the data off the service.
SnapchatDB , where all the data has been posted in the form of an SQL dump and CSV text, contains details of users like their Snapchat ID and the linked phone number along with their locations. The hackers, however, censored the last two digits of the users’ phone numbers in order to “minimise spam and abuse”. In an interaction with The Verge , the alleged hackers and owners of SnapchatDB said “Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. Security matters as much as user experience does."
Information leaked
What the hackers are referring to is Snapchat’s inability to block a known vulnerability, despite claiming to have done so. Early last week, Gibson Security, a research group claimed to have found a hole in Snapchat’s security and its “find friends with phone numbers” function. Snapchat confirmed the issue but said that it had taken measures to protect user data. “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way,” Snapchat said in a blogpost last week. “Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
It’s this very vulnerability that Snapchat acknowledged that has been exploited. The domain name SnapchatDB has now been suspended. The owners of SnapchatDB wrote that users should “feel free” to contact them in case they wanted access to uncensored phone numbers. Usernames have not been censored, interestingly, since the group claims that people end up using the same username across multiple websites online. It also wrote that those who downloaded information could try to “find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”
Even while reports have confirmed that this hack has been limited to mainly Snapchat users in the US and North America, The Next Web has reported of a tool to help check if your account has been compromised. The tool was created by developers Will Smidlein and Robbie Trencheny and is a checker script you can use to see if you data was leaked.
Intrigued by all things social, Nishtha will invariably tweet about you. When not tweeting or writing about the next viral video, you will hear her proclaiming her love to Metallica, James Hetfield, Opeth, Akerfeldt and all bands that go 'growl'. She also obsesses about ACP Pradyuman and South Park and you will always find her moving around with a book. Her focus is on all the happening stuff in the tech domain, and she won't hesitate to take a shot at some of the oddball devices that make their way to our labs.