Snapchat sees 4.6m usernames and numbers published as messaging service is hacked

Snapchat: picture messaging service is hacked
Snapchat: picture messaging service is hacked

Snapchat, the picture messaging service, has been hacked and a reported 4.6 million people's usernames and numbers have been published.

The app, which allows people to send images to friends that then self-destruct after a set amount of time, has had its security shown up by a site called SnapchatDB.info.

While the site currently appears to be suspended, SnapchatDB has saved the usernames and phone numbers of 4.6 million accounts, while making this information publically available to download.

The site told Tech Crunch that its "motivation behind the release was to raise the public awareness" around the issue of security on the Snapchat app, and to "put public pressure on Snapchat to get this exploit fixed."

The site said: "It is understandable that tech start-ups have limited resources, but security and privacy should not be a secondary goal. Security matters as much as user experience does."

The SnapchatDB site claims it wanted to "minimize spam and abuse that may arise from this release," and therefore censored the last two digits of peoples’ numbers, claiming that its main goal is to "raise public awareness on how reckless many internet companies are with user information".

"You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness," it concluded.

Last week Snapchat posted on its blog an acknowledgement of possible security breaches to its system, citing a "security group" who posted documentation for the app’s private API.

Snapchat said: "This documentation included an allegation regarding a possible attack by which one could compile a database of Snapchat usernames and phone numbers."

Snapchat said its "Find Friends" feature, which allows users to upload their address book contacts to the app in order to find people, does not display the phone numbers to other users and, "We don’t support the ability to look up phone numbers based on someone’s username".

It added: "Theoretically, if someone wanted to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way.

Snapchat said it has implemented various safeguards over the past year to make this kind of upload more difficult to do, adding "additional counter-measures" while continuing to make improvements to combat spam and abuse.

 

Discussion

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus
Brand Republic Jobs

subscribe now