Mikah SargentA hacker group says it wanted to teach Snapchat a lesson, so it leaked 4.6 million usernames and phone numbers online.
When a user signs up for Snapchat, they are encouraged to upload their address book to the app’s databases. This gives Snapchat a way to track down friends using the service. The hackers made use of this exploit to gather data from the 4.6 million accounts.
"That's just about anyone with a Snapchat account. ... So far there's been no response from Snapchat." (WWMT)
But here’s the kicker, research group Gibson Security informed Snapchat of the exploit used in the attack months ago, but Snapchat reportedly dragged its feet on making a fix.
A writer for PCMag says the security firm alerted Snapchat in August, long before it chose to post the exploit in December. "But the fix is simple … the problem could be patched with 10 lines of code."
Snapchat did eventually patch the issue, but not before the hacker group took action. The group claims it leaked the accounts to — quote — "raise awareness on the issue."
It even set up a website where users can download the leaked data. The masthead contains a rather charming phrase: "Bringing 4.6 million users' information to your fingertips … " And, of course, donation information.
The group has censored the last two digits of the phone numbers in the leak, but says there are circumstances in which it would release the uncensored database.
And if you're thinking Gibson Security is the culprit behind the leak, the firm was quick to give a response, tweeting: "We know nothing about SnapchatDB, but it was a matter of time til something like that happened. Also the exploit works still with minor fixes"
If you’re worried your username might be among the leaked, visit the link in the transcript below to check it against the database of leaked accounts.
