Snapchat data leaks, 4.6 million usernames and phone numbers exposed

By on January 1, 2014, 1:30 PM
hacking, security, leak, snapchat, username, phone number

A recent database leak has seen the usernames and phone numbers of 4.6 million Snapchat users released to the public. SnapchatDB, which has been set up by an anonymous, unaffiliated group, has posted two files (a CSV and SQL dump) that contains the data of Snapchat users, obtained through an unpatched exploit.

The final two digits in each user's phone number has been censored in an effort to "minimize spam and abuse". However it will still be easy for anyone to search the database for a certain person and discover their (partial) phone number, especially if they use the same username for Snapchat as other places like Twitter.

SnapchatDB says that anyone can contact them to ask for an uncensored database, which might be an indication that the team will sell the data. Although SnapchatDB claims the data represents a "vast majority" of users, it's far from complete: all users are from North America only, making up 76 of 336 United States area codes, and two from Canada.

The leak comes just shortly after Snapchat admitted there were some security issues with the 'find friends with phone numbers' feature, issues which Gibson Security discovered in August, but went ignored. According to Gibson, it was possible to check 10,000 numbers in seven minutes, and with a list of every phone number in the US, stealing information would be quite easy despite Snapchat's attempts to downplay the issue.

The good news is that the exploit has been patched, so no more data can be collected for the rest of Snapchat's userbase. But the exploit shouldn't have been there in the first place, which just goes to show that you can't trust all startups with your private information.

To check if your username/phone number combination has been released in the leak, head to Snapcheck.org.




User Comments: 5

Got something to say? Post a comment
NTAPRO NTAPRO said:

Seems to have been suspended pretty quickly

ikesmasher said:

It was up last night; and the things are still all over torrent sites. sadly.

Guest said:

This is unfortunate because I'm a huge fan of SnapChat and other privacy-based sites such as Ravetree and DuckDuckGo. Hopefully they can get this sorted out. It would be a MUCH bigger deal if google gets hacked because of all the personal information they collect about its users (including your browsing history information).

robertocarlus robertocarlus said:

Oooppsss! You should had sold it to Facebook when you had the chance!

Guest said:

NSA just needs to implant things directly into everyone, to catch these 5 BASTARDS. damn a hurts

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.