Snapchat hacked, about 4.6m user accounts are affected
SnapchatDB claims that the data was acquired through the security exploits documented recently. It said, “Given that it’s been around four months since our last Snapchat release, we figured we’d do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them). Seeing that nothing had really been improved upon (although, stories are using AES/CBC rather than AES/ECB, which is a start), we decided that it was in everyone’s best interests for us to post a full disclosure of everything we’ve found in our past months of hacking the gibson.”
Australia-based Gibson Security recently disclosed a security vulnerability in Snapchat that exposed users’ phone numbers based on their usernames. Snapchat downplayed the issue. The auto-destructing photo-sharing service claimed that it had recently added additional counter-measures and continues to combat spam and abuse, and said that the potential hack sounded ‘impractical’.
In a blog post, Snapchat said, “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.” However, SnapchatDB.com’s message indicates that the service did not patch the exploit.
For their part, the anonymous group of hackers claims to have stolen the database to raise awareness about holes in Snapchat’s security. To keep the information from being misused by cyber criminals, the hackers have redacted the last two digits of the leaked phone numbers to safeguard users’ privacy.
The hackers, however, said they are willing to share the uncensored database on request, ‘under certain circumstances.’