Snapchat hack affects 4.6 million users

 
The usernames and phone numbers for 4.6 million Snapchat accounts have been downloaded by hackers, who temporarily posted the data online.

A website called SnapchatDB released the data but censored the last two digits of the phone numbers.

It has since been taken offline but a cached version is still available.

The hack comes days after an Australian firm, Gibson Security, warned of vulnerabilities in Snapchat's app which it said could be exploited by hackers.

Gibson Security said it was not involved in the hack: "We know nothing about SnapchatDB, but it was a matter of time till something like that happened," the firm tweeted.

The hackers behind the website that published the data said they had exploited the security flaw highlighted by Gibson Security.

"We used a modified version of gibsonsec's exploit/method," they were quoted as saying by tech blog TechCrunch.

Stronger safeguards?

Snapchat has grown in popularity as an app that allows people to share pictures, safe in the knowledge they delete themselves after being viewed.

It has a feature called Find Friends, which allows users to upload their address book contacts to help find friends who are also using the service.

In its report published on 25 December, Gibson Security warned that a vulnerability on the Snapchat app could be used to reveal the phone numbers of users.

The firm said it had first warned Snapchat about this four months ago, adding that "nothing had really been improved upon".

Vulnerability

Gibson claimed that it had been able to crunch through ten thousand phone numbers of Snapchat users "in approximately 7 minutes on a gigabit line on a virtual server".

In response to the Gibson report, Snapchat acknowledged a potential vulnerability but said it had taken measures to protect user data.

"Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way," it said in a blogpost last week.

"Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse."

However, the hackers behind the SnapchatDB, the site that published the phone numbers, said the measures were not strong enough.

"Even now the exploit persists. It is still possible to scrape this data on a large scale," they claimed.

"Their latest changes are still not too hard to circumvent."

 

Comments

  • Rating: +5

    Comment number 57.

    The moderators have been doing a lot recently to protect us from 'hate' speech etc on HYS, so if they ask for comments on some company most people have never heard of they can take it easy for a while.

    I really couldn't give a toss, I'm only commenting because I'm bored

  • Rating: +8

    Comment number 56.

    @54. The Realist

    So Gibson Security, a technology firm, find a vulnerability. Instead of going to SnapChat in private they tell the world they found the security flaw. Now the flaw has been exploited by hackers.

    Why aren't the people responsible for exposing the flaw at Gibson Security under arrest already?

    --

    Because they haven't broken any laws.

  • Rating: +2

    Comment number 55.

    Face-chat women: please note:-

    Please do not call me now that you have my number... there was some trick-photography involved and I was sitting at a funny angle

    Thanks for your co-operation

  • Rating: -4

    Comment number 54.

    So Gibson Security, a technology firm, find a vulnerability. Instead of going to SnapChat in private they tell the world they found the security flaw. Now the flaw has been exploited by hackers.

    Why aren't the people responsible for exposing the flaw at Gibson Security under arrest already?

  • Rating: +2

    Comment number 53.

    Just waiting for the lulzmumz hacker group to claim responsibility.

    Angered by the use of snap chat and other apps by their moody teenage kids they will form up from the lower ranks of the mumsnet community and act as superheroes of the web to take revenge on apps they see as not doing enough to protect their kids from harm while using them.

    ;) If the world were more fun this would be true lol

  • Rating: +4

    Comment number 52.

    So an app that exists pretty much solely so kids can "sext" is not very secure.

    Hopefully a wake up call to those silly enough to be using it! The moment you send ANYTHING out over any sort of wireless/wired connection you lose control of it. So don't send it if you don't want control!

  • Rating: +4

    Comment number 51.

    There is no such thing as temporarily uploaded to the internet, the thing about the internet is once information is leaked, the genie is out of the bottle, the information has been copied and spread around dozens of websites by now, shutting down one website does not make it go away, nothing is temporary on the internet lovely I'm afraid.

  • Rating: +1

    Comment number 50.

    @47. NonLondonView
    If GCHQ knew you had this "phone directory" you speak of they'd lock you up.

    :P You'll get a whole life with no chance of release if you have the yellow pages, that's a threat to UK business to own the yellow pages.

  • Rating: -1

    Comment number 49.

    Check out Pingl.co for safer ways to communicate because Pingl does what snap chat does only better.

  • Rating: +1

    Comment number 48.

    Why is the BBC giving something no one's ever heard of a free advert?

  • Rating: 0

    Comment number 47.

    I have a secret stash of maybe 250,000 names, addresses and phone numbers..

    it's called...

    wait for it...

    A "Phone Directory"

  • Rating: +1

    Comment number 46.

    Who cares?

  • Rating: +6

    Comment number 45.

    These sites don't have the knowhow or resources to stop hacking and it was only a matter of time before this happened and it will happen again and again..

  • Rating: 0

    Comment number 44.

    Oh dear, I bet they wish that erroneous database could be deleted, like a snapchat chat! - sadly not... the old adage applies... If you live by the data-harvest, you die by the data-harvest... I wouldn't be surprised if this is some kind of corporate E-spionage... wasn't this service about to be bought up? Interest snapped in half... but get it fixed anyway, not that I'll ever use it.

  • Rating: -1

    Comment number 43.

    With every new day comes another new cyber hack with personal details stolen and listed or sold, etc for some other nefarious activity. Yet millions of people every other day will sign up to another (un)secure site and provide their details. I can understand details given to a store or bank, but a photo share site or social network? But it will be forgotten a day later and the cycle continues.

  • Rating: -1

    Comment number 42.

    Snap Chat have always been more about offering a fun user experience more than a secure one. I'm sure if you look you can find many other falls in the security of the application. I think it is time for Snap Chat to step up or put up with the bad publicity and wait for someone else to bring out a more secure way to share erratically.

  • Rating: +3

    Comment number 41.

    Nothing on the internet is safe.

    Get used to it.

    Postcards are safer!

  • Rating: +2

    Comment number 40.

    This highlights the dangers of using the same Usernames/Password for multiple online accounts. The Database of compromised personal information had been made available online but later removed. However there are sites springing up where SnapChat users can check if their details were compromised. Maybe this isn't a good idea either as you could give away information to the wrong people..

  • Rating: +1

    Comment number 39.

     
    No worries! I don't look anything like my pictures...

  • Rating: -2

    Comment number 38.

    Why people with all this NSA and all other affairs still post personal info about themselves

 

Copyright © 2015 BBC.