Snapchat database hacked, 4.6m user IDs & phone nos. leaked!

Evan Spiegel, Snapchat (Photo credit: jdlasica)

Cover of Hackers

Phone numbers and usernames of over 4.6 million users of the popular picture sharing service Snapchat have been leaked online. Hackers have posted the database of these users on a website called SnapchatDB as SQL dump or as CSV text format.

Hackers have posted the database of these users on a website called SnapchatDB as SQL dump or as CSV text format.

SnapChatDB claims that the data was acquired through the security exploits documented recently. It said, “Given that it’s been around four months since our last Snapchat release, we figured we’d do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them). Seeing that nothing had been really been improved upon (although, stories are using AES/CBC rather than AES/ECB, which is a start), we decided that it was in everyone’s best interests for us to post a full disclosure of everything we’ve found in our past months of hacking the gibson.”

Australia-based Gibson Security recently published a security vulnerability in SnapChat that exposed users’ phone numbers based on their usernames. Snapchat downplayed the security issue with its service. The auto-destruct photo sharing service claimed that it had recently added additional counter-measures and continues to combat spam and abuse. It had said that the potential hack sounds ‘impractical’.

In a blogpost, Snapchat said, “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.” However, SnapchatDB.com’s message indicates that the service did patch the exploit.

On their part, the anonymous group of hackers has claimed that they have stolen the database to raise awareness about holes in Snapchat’s security. To ensure that the information is not misused by cyber criminals, the hackers have redacted the last two digits of the leaked phone numbers to safeguard users’ privacy.

The hackers, however, said they are willing to share the uncensored database on request, ‘under certain circumstances.’

Related articles

• Snapchat database hacked, 4.6m user IDs & phone nos. leaked (timesofindia.indiatimes.com)
• Snapchat’s 4.6 million users’ phone numbers and usernames leaked (the4cast.com)
• Snapchat Hack Leaks 4.6 Million Phone Numbers and Usernames: [UPDATE] SITE SUSPENDED (designntrend.com)
• Hackers reveal 4.6m mobile numbers after Snapchat claims it has safeguards (mantoshpal.wordpress.com)
• Hackers Leaked 4.6 Million Snapchat Usernames and Phone Numbers (motherboard.vice.com)
• Snapchat leak reveals phone numbers, usernames of 4.6 million users (bgr.com)

Posted By Mantosh Pal

Name(required)

Email(required)

Website

Comment(required)

Submit

0.000000 0.000000

Share this:

Evan Spiegel, Snapchat (Photo credit: jdlasica)

Cover of Hackers

Phone numbers and usernames of over 4.6 million users of the popular picture sharing service Snapchat have been leaked online. Hackers have posted the database of these users on a website called SnapchatDB as SQL dump or as CSV text format.

Hackers have posted the database of these users on a website called SnapchatDB as SQL dump or as CSV text format.

 

SnapChatDB claims that the data was acquired through the security exploits documented recently. It said, “Given that it’s been around four months since our last Snapchat release, we figured we’d do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them). Seeing that nothing had been really been improved upon (although, stories are using AES/CBC rather than AES/ECB, which is a start), we decided that it was in everyone’s best interests for us to post a full disclosure of everything we’ve found in our past months of hacking the gibson.”

Australia-based Gibson Security recently published a security vulnerability in SnapChat that exposed users’ phone numbers based on their usernames. Snapchat downplayed the security issue with its service. The auto-destruct photo sharing service claimed that it had recently added additional counter-measures and continues to combat spam and abuse. It had said that the potential hack sounds ‘impractical’.

In a blogpost, Snapchat said, “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.” However, SnapchatDB.com’s message indicates that the service did patch the exploit.

On their part, the anonymous group of hackers has claimed that they have stolen the database to raise awareness about holes in Snapchat’s security. To ensure that the information is not misused by cyber criminals, the hackers have redacted the last two digits of the leaked phone numbers to safeguard users’ privacy.

The hackers, however, said they are willing to share the uncensored database on request, ‘under certain circumstances.’

 

Related articles

• Snapchat database hacked, 4.6m user IDs & phone nos. leaked (timesofindia.indiatimes.com)
• Snapchat’s 4.6 million users’ phone numbers and usernames leaked (the4cast.com)
• Snapchat Hack Leaks 4.6 Million Phone Numbers and Usernames: [UPDATE] SITE SUSPENDED (designntrend.com)
• Hackers reveal 4.6m mobile numbers after Snapchat claims it has safeguards (mantoshpal.wordpress.com)
• Hackers Leaked 4.6 Million Snapchat Usernames and Phone Numbers (motherboard.vice.com)
• Snapchat leak reveals phone numbers, usernames of 4.6 million users (bgr.com)
• Snapchat gets hacked, 4.6M users have their details published online (mobigyaan.com)
• Alleged Snapchat hackers explain how and why they leaked data on 4.6 million accounts (theverge.com)
• 4.6 Million Snapchat Usernames and Phone Numbers Leaked (iClarified.com)

Posted By Mantosh Pal

Name(required)

Email(required)

Website

Comment(required)

Submit

 

0.000000 0.000000

Hackers reveal 4.6m mobile numbers after Snapchat claims it has safeguards

Website releases usernames and phone numbers of Snapchat users in the US, with the last two digits of each number redacted,

Publication of user names and numbers came after 
Snapchat's security was questioned by an Australian security research group.

An anonymous group of hackers has dumped a vast database of what appeared to be 4.6 million Snapchat users’ mobile numbers and users names, just days after Snapchat claimed it had safeguards in place to fix a security vulnerability that could divulge users’ personal information.

@adabot on @snapchat (Photo credit: adafruit)

A website called SnapchatDB released the vast database, which included usernames and phone numbers of Snapchat users in the US. The last two digits of each number were redacted by the group.

The site later appeared to have been taken down, but, while accessible, explained that the material had been published to “raise awareness” of the issue.

“This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it,” it said.

“For now, we have censored the last two digits of the phone numbers in order to minimise spam and abuse.”

The site also said it might consider releasing the unredacted database “under certain circumstances”.

The publication of the user names and numbers came after details of the vulnerability was made public by an Australian security research group called Gibson Security on Christmas Day. The group outlined how the vulnerability could be exploited, and said Snapchat did not respond to it when it raised the issue months ago.

Gibson Security tweeted it had no involvement in the release of the user information.

“We know nothing about SnapchatDB, but it was a matter of time til something like that happened,” it tweeted.

After Gibson published its findings Snapchat said it took user privacy seriously and replied in a blogpost: “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way.

“Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”

Snapchat has been contacted for comment on the release of the SnapchatDB database.

Related articles

• Snapchat’s 4.6 million users’ phone numbers and usernames leaked (the4cast.com)
• Snapchat vulnerability could expose users’ information, hackers claim (sacbee.com)
• Hackers Claim To Publish List Of 4.6M Snapchat Usernames And Numbers (theloveoftech.wordpress.com)
• Hackers Claim To Publish List Of 4.6M Snapchat Usernames And Numbers (techcrunch.com)
• Hackers Claim To Publish List Of 4.6M Snapchat Usernames And Numbers (jeremiahtillman.wordpress.com)
• Private Matters: Snapchat Tries to Downplay Hack (atlantablackstar.com)

 

Posted By Mantosh Pal

0.000000 0.000000