TweakTown
Tech content trusted by users in North America and around the world
5,675 Reviews & Articles | 36,068 News Posts
Weekly Giveaway: Fractal Design Arc Cases Contest (Global Entry!)

Snapchat user database hacked, 4.6M users compromised

Snapchat user database compromise affects 4.6 million users and exposes contact information

| Hacking & Security News | Posted: Jan 2, 2014 3:30 am

Snapchat is one of the most popular image sharing services in the mobile ecosystem, and today more than 4.6 million users are learning that their contact information has been hacked by unknown persons. A website called SnapchatDB.info has popped up that list out usernames and phone numbers of each account that was compromised.

 

TweakTown image news/3/4/34586_1_snapchat_user_database_hacked_4_6m_users_compromised.jpg

 

Originally thought of as a hoax, SnapchatDB.info has been confirmed as real and its creators say that they stole the information and created the website to raise awareness around the security issues surrounding Snapchat. SnapchatDB.info did censor the last two digits of each phone number to reduce spam, and unwanted messages to users, but with only 10 numbers per spot, it would only take a few minutes to figure out which is correct. The full statement from SnapchatDB.info has been pasted below.

 

Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.

 

We used a modified version of gibsonsec's exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec's private communications, yet they didn't. Even long after that disclosure, Snapchat was reluctant to taking the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.

 

We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn't want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness.

NEWS SOURCE
Techcrunch.com

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

Latest Downloads

View More Latest Downloads

TweakTown Web Poll

Question: Did EA kill the Battlefield franchise with the terrible BF4 issues?

Yes, Battlefield is doomed

No, Battlefield will live on strong

I'm not sure, but I know EA needs to improve its game

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Get TweakTown updates via Facebook!
Just click the "Like" button below