Snapchat hack affects 4.6 million users

 
[Image: Snapchat logo. Caption: Gibson Security said it had warned Snapchat about vulnerabilities in its app]


The usernames and phone numbers for 4.6 million Snapchat accounts have been downloaded by hackers, who temporarily posted the data online.

A website called SnapchatDB released the data but censored the last two digits of the phone numbers.

It has since been taken offline but a cached version is still available.

The hack comes days after an Australian firm, Gibson Security, warned of vulnerabilities in Snapchat's app which it said could be exploited by hackers.

Gibson Security said it was not involved in the hack: "We know nothing about SnapchatDB, but it was a matter of time till something like that happened," the firm tweeted.

The hackers behind the website that published the data said they had exploited the security flaw highlighted by Gibson Security.

"We used a modified version of gibsonsec's exploit/method," they were quoted as saying by tech blog TechCrunch.

Stronger safeguards?

Snapchat has grown in popularity as an app that allows people to share pictures, safe in the knowledge they delete themselves after being viewed.

It has a feature called Find Friends, which allows users to upload their address book contacts to help find friends who are also using the service.

In its report published on 25 December, Gibson Security warned that a vulnerability on the Snapchat app could be used to reveal the phone numbers of users.

The firm said it had first warned Snapchat about this four months ago, adding that "nothing had really been improved upon".

Vulnerability

Gibson claimed that it had been able to crunch through ten thousand phone numbers of Snapchat users "in approximately 7 minutes on a gigabit line on a virtual server".

In response to the Gibson report, Snapchat acknowledged a potential vulnerability but said it had taken measures to protect user data.

"Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way," it said in a blogpost last week.

"Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse."

However, the hackers behind SnapchatDB, the site that published the phone numbers, said the measures were not strong enough.

"Even now the exploit persists. It is still possible to scrape this data on a large scale," they claimed.

"Their latest changes are still not too hard to circumvent."
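The bulk-lookup pattern Snapchat describes above (uploading every number in an area code) leaves a server-side signature, because a genuine address book is small and its numbers are scattered rather than consecutive. The Python below is an added example of detecting that pattern, not code from Snapchat, Gibson Security or the BBC; the thresholds, account names and phone numbers are constructed assumptions.

```python
from collections import defaultdict

# Illustrative thresholds (assumptions, not values from Snapchat or Gibson Security).
MAX_NUMBERS_PER_WINDOW = 500   # generous ceiling for a genuine address book
MIN_NUMBERS_FOR_RATIO = 20     # ignore tiny uploads when judging adjacency
MAX_ADJACENT_RATIO = 0.2       # share of numbers whose successor was also submitted


def adjacent_ratio(numbers):
    """Fraction of distinct numbers n for which n+1 was also submitted."""
    distinct = {int(n) for n in numbers}
    if len(distinct) < 2:
        return 0.0
    hits = sum(1 for n in distinct if n + 1 in distinct)
    return hits / (len(distinct) - 1)


def flag_enumeration(events):
    """events: (account, [phone numbers]) contact-lookup requests from one time window.
    Returns {account: reason} for accounts whose lookups resemble a number-range sweep."""
    per_account = defaultdict(set)
    for account, numbers in events:
        per_account[account].update(numbers)
    flagged = {}
    for account, numbers in per_account.items():
        if len(numbers) > MAX_NUMBERS_PER_WINDOW:
            flagged[account] = "volume"
        elif (len(numbers) >= MIN_NUMBERS_FOR_RATIO
              and adjacent_ratio(numbers) > MAX_ADJACENT_RATIO):
            flagged[account] = "sequential"
    return flagged


def _block(start, count, step=1):
    """Build constructed sample numbers: start, start+step, ..."""
    return [str(start + i * step) for i in range(count)]


# Constructed sample requests (fictional accounts and numbers).
SAMPLE_EVENTS = [
    ("acct_sweep", _block(2025550000, 300)),              # two large consecutive uploads
    ("acct_sweep", _block(2025550300, 300)),
    ("acct_slow", _block(3125550100, 40)),                # small but strictly consecutive
    ("acct_normal", _block(4155550003, 30, step=7919)),   # scattered, like a real address book
]

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_EVENTS))
```

The adjacency check catches a sweep that stays under the volume ceiling, which a plain per-account request limit would miss.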

 

Comments

 
  • Comment number 77.

    This comment was removed because the moderators found it broke the house rules.

  • Comment number 76. (Rating: 0)

    Welcome to the future.

    The internet is not the place to do Banking, Post personal information about yourself or Shop using plastic.

    Yet more and more it's being shoved down our throats in the name of progress.

    If hackers can make money from this data, they will and it's easy to do.

    Treat the internet with caution.

    Your data is not safe on it.

  • Comment number 75. (Rating: +1)

    12.paulmerhaba
    10 Hours ago
    How many users did the hack on the beeb over christmas affect, or was that just advertisers?
    ---------
    The BBC is wonderful at sanitising the news & I suspect we would only find out if our details had been hacked when we received dodgy e-mails from the 'moderator' ( I received one last week - I had not made a comment for several days ..... imagine my surprise!)

  • Comment number 74. (Rating: +1)

    When will these stupid companies (and the BBC for that matter) learn that if you DO NOT HAVE the data it can't be demanded by the NSA or lost in a hack. Stop asking for personal data you DO NOT NEED and then you stop having a problem. No one breaks into my house to steal the Crown Jewels because they are NOT HERE!!!! It is very simple really.

  • Comment number 73. (Rating: +1)

    Security flaws are in every system. Once it is exposed and Hackers find the loophole then exploit it. Just don't use these systems. It is obvious if you want to make a quick buck and have the skills you look at new IT start ups where the build is more important than the security until it is exposed. By then it is too late and your details are out in the big wild world.

  • Comment number 72. (Rating: 0)

    It'll be the NSA trying to infiltrate our youth

  • Comment number 71. (Rating: 0)

    Not surprised when sites like SnapChat have security flaws. Staff probably thought the internet secured itself.

    Items can eventually disappear from the internet-it may just take years but it does happen.

  • Comment number 70. (Rating: 0)

    One hack not a big thing - think about what happens if you lose a smartphone - that is really scary but nobody thinks about it and buys more and more apps which are all open when you lose the phone...!!!

  • Comment number 69. (Rating: -1)

    REALITY LIFE AWARENESS WELFARE (RLAW) :

    Hacking practice is as old as the internet's existence, only the methods of hacking change with the passage of time although users' number has been outnumbering expectations, that's really strange to note.

    - A.R.Shams's Reflection - Press / Online Publications - Moral Messages Worldwide

  • Comment number 68. (Rating: -2)

    "Facebook was going to snap up this company for $3bn back in November. I bet they're glad they didn't. If they put in an offer today it would be substantially less I wager."

    Yes and no. It is a feature Facebook, no doubt, would love to add to their portfolio. The security can be improved. Facebook cannot just rip off the app's idea so they have to either buy it or pay royalties or go without.

  • Comment number 67. (Rating: -1)

    "Names, addresses and phone numbers of millions of people have been published for anyone to see for years... The phone company keeps sending me the books."

    That is not the point. You have a choice whether to authorise publication of your details in the phonebook. Having your details hacked and published isn't the same in any way, shape or form.

    Still, you carry on with your pointless point.

  • Comment number 66. (Rating: +1)

    What happened to the good ol' Polaroid camera? More secure than any of the technology today if "revealing photos" is your thing.

    I've not used snapchat (yet). I do believe there is a use for it for sharing "normal" photos. However, the point is they are secure and auto-deleted after viewing.

    Well... We now know they're not secure. Next they'll be telling us they're not deleted either. Whoops!

  • Comment number 65. (Rating: 0)

    @58 "Why?"

    No one's using camera phones to create art; they exist to share moments. Therefore, a self-destructing picture shares with its recipient not only the moment it captures, but the fleeting-ness of the moment.

    I used to think it was a waste of an app, but I appreciate it a lot more than the alternative: photo albums/hard drives filled with pics that never get looked at.

  • Comment number 64. (Rating: -3)

    The issue of user data held by any organisation depends on integrity, confidentiality and availability if the security of such data must be protected but, once they are exposed to vulnerabilities and exploits the triangulation is shortened or breached. "Hackers say they have exposed a security flaw." What happens next, now that 4.6 million users' data have been exposed and published online?

  • Comment number 63. (Rating: +2)

    "Snapchat has grown in popularity as an app that allows people to share pictures, safe in the knowledge they delete themselves after being viewed."

    Should read
    "Snapchat has grown in popularity as an app that allows people to share pictures, IN THE ERRONEOUS BELIEF that they delete themselves after being viewed."

  • Comment number 62. (Rating: +3)

    boo hoo, so someone now knows your phone number and that you send pictures of your willy to people.

  • Comment number 61. (Rating: +3)

    Snapchat hack hits 4.6 million vacuous fools.

    Fixed your headline for you.

  • Comment number 60. (Rating: +5)

    I have it on good authority that the man who is the Head of Snapchat Cyber-Security is in the headline photograph above, wearing a white onesie, with his tongue sticking out.

    In my opinion he should be looking a lot less pleased with himself.

  • Comment number 59. (Rating: +1)

    @54. The Realist http://www.bbc.co.uk/news/technology-25572661?postId=118314288#comment_118314288

    Erm... "The firm said it had first warned Snapchat about this four months ago, adding that "nothing had been really been improved upon"."

    Traditional execution order:
    1. Read
    2. Comment

  • Comment number 58. (Rating: +5)

    I've just one super-quick question for all you 'Snap-chat' users (cos I don't want to over-stretch your attention capacity too much) :-


    'Why?'

 


BBC © 2014 The BBC is not responsible for the content of external sites.
