Snapchat users are in big trouble as hackers managed to post 4.6 million user account information on the Internet. Information posted includes usernames and partial phone numbers, and they are all available for download. This is a big problem, one that might force some users to leave Snapchat for a competing platform such as Instagram, or the Justin Bieber-supported app that is called Selfie.
According to reports, the leaked information were posted on a website called SnapchatDB.info. Furthermore, when it comes down to the leaked phone numbers, only the last two digits were blocked out from being viewed. Still that didn't stop some users from recognizing their phone numbers when they viewed the leaked information via the website. One user from TechCrunch claimed that his phone number was on the list, along with the phone number of Snapchat co-founder Evan Spiegel.
"This database contains username and phone number pairs of a vast majority of the Snapchat users. This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue," according to the site. "The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it."
The good news right now is that SnapchatDB.info has been suspended, so all 4.6 million leaked username information is no longer available for the public to see or download. However, despite the site being suspended, the people behind the leak, shared with The Verge why they took that route. "Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does," they said.
Interestingly enough though, Snapchat was warned beforehand and failed to take heed. A hacker group based in Australia that goes by the name Gibson Security, had complained several times that Snapchat code was filled with errors and security holes. After not getting any response, the group had posted a report on Dec. 24, 2013, detailing how Snapchat could be hacked to reveal user names and match them with phone numbers.
A few days after the Gibson Security posted the report online, Snapchat played down the seriousness of the problem with the following statement via a blog post.
"Adding a phone number to your Snapchat account is optional, but it's helpful for allowing your friends to find you. We don't display the phone numbers to other users and we don't support the ability to look up phone numbers based on someone's username," Snapchat wrote. "Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse."
"Happy Snapping!" Snapchat said. The app, which lets the user snap a photo or a video, add a caption, and share it with friends for up to 24 hours after which it disappears, has over 100 million active users who send more than 350 million shots or videos of themselves on a daily basis.
In response, Gibson Security tweeted it will offer "more proof."
Following the leak on SnapchatDB.info, Gibson Security tweeted it was not involved in the leak but warned that despite minor fixes implemented by Snapchat, the exploit still works.
Snapchat, which had spurned Facebook's $3 billion acquisition offer last November, didn't respond to requests for comments. Guess, it isn't feeling chatty anymore.