Snapchat Database Containing Usernames and Phone Numbers Compromised

by on January 2nd, 2014

Recently, confidential data from popular photo and video sharing app Snapchat was compromised and was made available online to download freely. Two exploits and Snapchat’s API were published by Australian hackers last week, but were ignored by the Snapchat so here comes the reaction. Anonymous hackers hacked the Snapchat database couple of days back and released the information on a website snapchatdb.info. Snapchatdb.info was suspended due to huge traffic and download requests but the usernames and phone numbers of around 4.6 million Snapchat users were exposed. You can still view the cached version of the website here. Hackers provided a link to download hacked database as SQL dump or CSV file. The main purpose of the hackers seemed to be releasing huge information of millions of phone numbers and usernames to collect donation in return and to alert Snapchat so that they may fix the exploits.

Snapchatdb.info displayed following message:

SnapchatDB!
Bringing 4.6 million users’ information to your fingertips…
You are downloading 4.6 million users’ phone number information, along with their usernames. People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.

As displayed by the website, the hackers wanted to collect the donation in bitcoin format that is unregulated online currency.

The hackers behind SnapchatDB used a recently published Snapchat API exploit to access the Snapchat’s usernames and phone numbers. On the hackers website where they released database they mentioned their contact information. Few authorities made contact with them to have few questions answered.

Hackers told that their motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get the security exploits fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.

They said further, that:

We hope to see that Snapchat patches the exploit, and patches it well this time … Especially after seeing the magnitude of attention that our leak received, we think that Snapchat will be targeted by other groups if they don’t safeguard user security. We expect Snapchat to roll out a proper patch and notify their users and assure them that they will be more careful with their private information from now on.

They also said they have the uncensored Snapchat database “stored in multiple locations.” Mirrors and torrents of the database are now widely available online.

Was your Snapchat account compromised? Following are tools to check the security status of your Snapchat account.

GS Lookup – Snapchat helps to understand snapchat users if they were affected by the hacking event so that they could take the appropriate actions to secure their Snapchat account.

snapcheck.org also can notify you if your Snapchat account was compromised and made available public or not.


Share