The Latest in IT Security

Snapchat Attack May Have Exposed Data of Millions of Users

02
Jan
2014

Snapchat is having a rough start to 2014.

Roughly a week after security researchers disclosed details of exploits against the popular photo messaging service, a group of hackers published the user names and associated phone numbers of 4.6 million Snapchat users.

According to a post on SnapchatDB.info, the database contains username and phone number pairs for “a vast majority” of the Snapchat users. The site has apparently been taken down by the hosting provider. However, a cached version of the site indicates that the people behind the disclosure used the technique revealed last week by Gibson Security. Following the disclosure, Gibson Security – which said it only published details of the exploit after Snapchat failed to take action – denied any involvement with the leak in a tweet Dec. 31.

“This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue,” according to the SnapchatDB.info post. “The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.”

“For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse,” the post continued. “Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.”

The proof-of-concept exploit Gibson Security published last week took advantage of the “find_friends” feature in the Snapchat application programming interface (API) to iterate and match the phone numbers of users to their Snapchat accounts in a short period of time. Gibson originally contacted Snapchat about the vulnerability and other issues in August.

“An obvious concern is that many people on the Internet adopt the same username on multiple services, perhaps making it easy for unauthorized parties to determine the private phone numbers of – say – Twitter or Facebook users,” blogged security researcher Graham Cluley.

The popular mobile application, developed Stanford University students in 2011, reportedly rejected a $3 billion acquistion offer from Facebook last year.

Snapchat did not respond to a request for comment before publication.

Tweet

Brian Prince is a Contributing Writer for SecurityWeek.Previous Columns by Brian Prince:5 of the Top Security Breaches of 2013Snapchat Attack May Have Exposed Data of Millions of Users Apple Denies Cooperating With NSA to Develop iPhone BackdoorResearchers Demonstrate MicroSD Card HackNSA Document Lists Tools Targeted Popular Hardware, Software: Report

sponsored links

Tags: NEWS INDUSTRY

Vulnerabilities

Comments are closed.

Categories

THURSDAY, MARCH 28, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments