January 1st, 2014, 17:11 PM
4.6M Snapchat Usernames, Phone Numbers Leaked Online
The usernames and phone numbers for 4.6 million Snapchat accounts were temporarily posted online by hackers who took advantage of a previously disclosed vulnerability within the chat service.
SnapchatDB.info went live last night and allowed visitors to download the database of Snapchat user info, though the last two digits of the phone numbers were censored "in order to minimize spam and abuse."
The site has since been pulled offline (because the hosting provider was "intimidated by the overwhelming attention," SnapchatDB told The Verge), but a cached version is still available.
"You are downloading 4.6 million users' phone number information, along with their usernames," those behind SnapchatDB.info wrote. "People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with."
The move comes after Gibson Security last week revealed several vulnerabilities within the Snapchat app. One of those bugs could allow "someone to easily create a database of the usernames and phone numbers of users of the Snapchat application, in a small timeframe, using phone numbers automatically provided to the app," Gibson said.
"This vulnerability could hypothetically be used to stalk members of society, such as public figures or the data could even be sold to various firms, with the intent of using it and other data to connect online profiles to people in real life," according to the firm.
In a Dec. 27 blog post, Snapchat said that "theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way."
"Over the past year we've implemented various safeguards to make it more difficult to do," Snapchat continued. "We recently added additional counter-measures and continue to make improvements to combat spam and abuse."