A website called SnapchatDB has made available for download what they claim is a database of 4.6 million Snapchat users, revealing usernames and phone numbers.
An obvious concern is that many people on the internet adopt the same username on multiple services, perhaps making it easy for unauthorised parties to determine the private phone numbers of – say – Twitter or Facebook users.
And, of course, it’s possible that you have been flirting via Snapchat with someone that you *didn’t* want to have access to your phone number. (Snapchat, you will remember, is designed to let you send a sexy snap that is only supposed to be viewable for a few seconds before it is destroyed.)
The database’s release is further bad news for the popular iOS and Android app, which just before Christmas caught the attention of an Australian security group who published an API detailing how to access any phone number and username from the smartphone photo-sharing service beloved by sexting teens.
The group, who went by the name of Gibson Security, claimed they had been provoked by Snapchat, who they felt had ignored the privacy hole, which had first been disclosed in August 2013.
On December 27, Snapchat said that they had “implemented various safeguards” and “additional counter-measures” to make it more difficult for hackers to scoop up the details of users.
The database of 4.6 million usernames and phone numbers was released, according to the people behind the website, to “raise awareness” of the exploit.
> This database contains username and phone number pairs of a vast majority of the Snapchat users. This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.
The only modicum of comfort for affected users is that the last two digits of their phone numbers have been redacted from the downloadable database, although what remains may still be enough to help pinpoint a user’s approximate location and – worryingly – the anonymous hackers behind the SnapchatDB website say that under certain circumstances they may be prepared to release the unredacted data.
At least one website – www.snapcheck.org – has been created, claiming to help Snapchat users determine if their details might have been exposed by the privacy breach.
Be careful out there.