ICYMI: A Snapchat Security Breach Affects 4.6 Million Users

snapchat

ICYMI (in case you missed it) there was breaking news on the Snapchat front this week. Here is an article from the Washington Post detailing exactly what happened.

Snapchat users are waking up to troubling news: Thanks to a gap in the service's security, the phone numbers and usernames for as many as 4.6 million accounts have been downloaded by a Web site calling itself SnapchatDB.info.

The hack appears to be real, affecting at least one member of the TechCrunch editorial team and possibly Snapchat founder Evan Spiegel himself.

To see whether your account is among the compromised, you can use this basic Web site, whipped up by a couple of developers named Robbie Trencheny and Will Smidlein, that simply checks the list for your details.

Snapchat DB reportedly gained access to the Snapchat data through a vulnerability disclosed by a group of security researchers last week. In a report posted on Christmas Day, Australia-based Gibson Security explained how the app's Android and iOS API could be hacked to expose user information.

Two days later, Snapchat wrote a blog post saying it was no big deal -- that it had put in place some obstacles to "make it more difficult to do."

"We are grateful for the assistance of professionals who practice responsible disclosure," Snapchat said, "and we’ve generally worked well with those who have contacted us."

 

Yet SnapchatDB's exploit suggests that whatever safeguards the company put in place weren't enough.

"Even now the exploit persists," SnapchatDB said in a statement. "It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent."

 

The people behind SnapchatDB also accused Snapchat of being sluggish to respond to the Gibson Security team from the outset, charging that the company failed to reply to the Australian researchers privately until after they posted the existence of the vulnerabilities on the Web.

SnapchatDB isn't entirely blameless in this incident, either, however. By releasing the database into the open, they've exposed the personal information of Snapchat's users. The goal may have been to get Snapchat's attention -- if they weren't listening before, they must be now -- but consumers are stuck in the middle with nowhere to go.

Snapchat hasn't replied to a request for comment Wednesday morning (we'll update this post if they do). But its Dec. 27 blog post didn't say that the exploit had been conclusively resolved -- just that it had thrown some obstacles in the path of would-be hackers. If the accusations about Snapchat's response time prove true, it implies a pretty cavalier attitude on its part toward security -- not to mention the privacy its vanishing photos are meant to provide in the first place.

                                     
We are pleased to announce that Bark will be taking over where we leave off. The uKnowKids mission to protect digital kids will live on with Bark. Our team will be working closely with Bark’s team in the future, so that we can continue making the digital world a safer, better place for kids and their families. While we are disappointed we could not complete this mission independently, we are also pleased to hand the uKnowKids baton to Bark.
Try Bark's award-winning  monitoring service free for 7 days

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all