A website called SnapchatDB.info has published 4.6 million Snapchat usernames and phone numbers and made the information available to download, using a recently discovered Snapchat exploit.
The group claims that it has made the data available to “raise public awareness” around an exploit currently present in the software. Initially the group’s threats were dismissed as a hoax; however, digging by TechCrunch confirmed that one of its own editors had indeed had his details published, and others also confirmed that they too had found their phone numbers online. In a statement, SnapchatDB said:
Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.
We used a modified version of gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to take the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.
We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness.
Despite the seemingly colossal nature of this breach, you probably have nothing to fear. When the names first surfaced, nearly all users found it impossible to actually download the leaked data because of high traffic. SnapchatDB censored the last two digits of every phone number to prevent abuse, but claims it may still release the data unfiltered.
The account using the SnapchatDB domain has since been suspended, and the website is no longer active, so for now at least your data, if it has been lifted, is not available online. It has been purported that hackers could use the exploits to find users’ real names, usernames and phone numbers through Snapchat’s API for both iOS and Android.
Snapchat is an incredibly popular picture and video messaging service, and as such a breach of this nature is a little disturbing. Although the site is a little temperamental, you can enter your username here to see if your data has been leaked. Until further notice, however, assume that there isn’t too much to worry about!