Snapchat hackers post phone numbers of 4.6m users online

PUBLISHED : Thursday, 02 January, 2014, 8:15pm
UPDATED : Friday, 03 January, 2014, 2:21am


An anonymous group of hackers has dumped a vast database of what appeared to be 4.6 million Snapchat users' mobile numbers and users names.

It comes just days after Snapchat claimed it had safeguards in place to fix a security vulnerability that could divulge users' personal information.

A website called SnapchatDB released the vast database, which included usernames and phone numbers of Snapchat users in the US. The last two digits of each number were redacted by the group.

The site later appeared to have been taken down. It said that the material had been published to "raise awareness" of the issue.

"This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it," it said.

"For now, we have censored the last two digits of the phone numbers in order to minimise spam and abuse."

The site also said it might consider releasing the unredacted database "under certain circumstances".

The publication of the user names and numbers came after details of the vulnerability was made public on Christmas Day by an Australian security research group called Gibson Security. The group outlined how the vulnerability could be exploited, and said Snapchat did not respond to it when it raised the issue months ago.

Gibson Security tweeted it had no involvement in the release of the user information.

"We know nothing about SnapchatDB, but it was a matter of time til something like that happened," it tweeted.

After Gibson published its findings, Snapchat said it took user privacy seriously and replied in a blogpost: "Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way.

"Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse."

Snapchat, an app that allows users to send photos and e-mails that delete after a maximum of 10 seconds, had not responded to a request for a comment on the release of the database.