Hackers claim they wanted to show up Snapchat security weakness
The apparent breach, which Snapchat is yet to comment on, came a matter of days before Australian researchers from Gibson Security detailed a way to access such information from the photo messaging company.
Snapchat later sought to assuage users’ concerns, posting on a blog on 27 December it had “implemented various safeguards” to prevent the attack.
“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way,” the company admitted.
Yet the information was accessed and subsequently published by an unknown hacking collective on a website called SnapchatDB, using Gibson Security methods. “The company [Snapchat] was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it,” a message accompanying the leak read.
Whilst the last two digits of people’s numbers have been blanked out in the published data, security experts remain concerned about the potential for abuse.
“An obvious concern is that many people on the internet adopt the same username on multiple services, perhaps making it easy for unauthorised parties to determine the private phone numbers of – say – Twitter or Facebook users,” wrote security expert Graham Cluley, in his blog.
“And, of course, it’s possible that you have been flirting with someone via Snapchat that you didn’t want to have access to your phone number. Snapchat, you will remember, is designed to let you send a sexy snap that is only supposed to be viewable for a few seconds before it is destroyed.”
Snapchat had not responded to a request for comment at the time of publication.
UPDATE: Following this news, Massachusettes-based programmer and Snapchat userVik Paruchuri has released Snapcheck, a website where users can enter their Snapchat username or mobile phone number in order to see if their information has been leaked.
What do you know about Internet security? Find out with our quiz!