There’s no doubt that Snapchat was one of the most influential messaging applications of 2013, but its new year isn’t starting off on the strongest note. Just hours into the new year, hackers at the SnapchatDB! offering over 4.6 million Snapchat usernames and phone numbers for download just days after a blog post from Snapchat downplayed security issues found by Gibson Security during the holiday season. This breach was apparently in response to these issues.
“[Snapchat] was too reluctant at patching the exploit until they knew it was too late”
“The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it,” reads part of a statement on the site.
The available database on the website — taken down “not due to legal action, but due to the hosting provider being intimidated by the overwhelming attention that this is getting,” according to the group — houses 4,609,621 accounts from 76 of the 322 United States area codes. The data, which is provided in a format with the last two digits of each number censored “in order to minimise spam and abuse”, appears isolated to user accounts located in the USA.
It remains unclear how Snapchat will respond to the security exploit
“We used a modified version of [Gibson Security’s] exploit/method,” SnapchatDB!’s alleged creators tell The Verge. “Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to taking the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale.”
The exploit still exists in Snapchat, continually exposing user phone numbers. However, Snapchat has yet to release a statement on the leak and any plans it has to patch the security exploit, if any. We’ll update this article as new information is discovered.