The Snapchat hack saga, why and how it happened

For those who had no idea, the Snapchat database was hacked and over 6.4 million usernames and partial phone numbers were exposed online. According to the hackers, “Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. Security matters as much as user experience does.”

Warned in Advance

The hackers even had time to warn the chaps at Snapchat before they leaked the info, and they gave them a timeframe in which to fix a security flaw in their product before releasing details to the public. Snapchat referred to a flaw posted on Christmas Eve by Gibson Security, which claimed it could match thousands of phone numbers to usernames every few minutes. Snapchat’s response said:

“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way,”

SnapchatDB’s website has since been taken down, and it seems that even well after that disclosure, Snapchat was lazy in protecting user data. The hackers go on to boast:

“Once we started scraping on a large scale, they decided to implement minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale.”

We can only hope that other popular chat apps with more users, such as WhatsApp, are on top of their game.
