Snapchat users have woken up today to the news that usernames and phone numbers on their accounts have been copied by hackers who have posted that data online. The hack affects 4.6 million users who will find their personal details posted on SnapchatDB. The site’s now offline but a cached version remains viewable.
The hackers have taken responsibility for the attack by telling a tech blog, Tech Crunch: “We used a modified version of gibsonsec's exploit/method.” The whole point of Snapchat is security so this hack must ruffled a few feathers with the site’s developers. Snapchat is a site that allows users to share pictures safe in the knowledge that the receiver can’t save the images as they’re deleted automatically once viewed.
The Find Friends feature allows users to upload their address book details so they can find people using the site. That’s the feature that most users will be upset to lose control of. The Gibson Security report about Snapchat was published on Christmas Day. In it Gibson warned that the site’s vulnerable to hackers as it could easily be used to take the users’ phone numbers. The 25th December report followed a warning Gibson made to Snapchat four months before, a caution that the site ignored as “nothing had been really been improved upon.”
Snapchat’s official response to the situation said: “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way,” which seems to be their way of saying that this latest hacking incident is nothing to worry about.