Snapchat users beware: a group of anonymous hackers has successfully exploited a security hole in the popular IM application and obtained 4.6 million usernames and phone numbers. The group also posted the private information on the website SnapChatDB.info. The website now appears to be suspended, but not before many had downloaded the information.
SnapChatDB said that they had accessed the information “through the recently patched Snapchat exploit” and were sharing the information online to “raise awareness on the issue,” alleging that Snapchat “was too reluctant at patching the exploit until they knew it was too late.”
SnapChatDB told TechCrunch:
Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.
We used a modified version of gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to take the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.
We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness.
Two developers, Will Smidlein and Robbie Trencheny, took it upon themselves to write a checker script that lets concerned Snapchat users check whether their account is included in the leaked information.