If you’re a SnapChat user then you should be concerned. The hacker group Anonymous have exploited an API that has allowed them to download the details of 4.6 million users including their usernames and phone numbers.
A website set up to serve this data at http://snapchatdb.info/ points out that SnapChat have known about this exploit for some time but have been lax in responding to the issue:
This database contains username and phone number pairs of a vast majority of the Snapchat users. This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.
The information posted on the site is censored – obfuscating the last two digits of each phone number. However, the release of a number of usernames is a concern for any user. As Anonymous have pointed out, People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts.
As the battle for messaging platforms seems to be a hot topic in 2014 – this isn’t how SnapChat would want the year to start.
The security exploit that was used had been reported to SnapChat by Gibson Security – but was dismissed by the messaging company.
Despite the redaction of user data, the hackers state on their site that “Under certain circumstances, we may agree to release it.”
In the meantime if you would like to check if you are in the database then visit http://robbiet.us/snapchat/, where a tool in which you can type in your username to see if you are in the database has been set up.
This isn’t the first time security has been scrutinised for SnapChat. The question remains: Will this bother the teenagers and youngsters that use this service?
