Posts: 2,096 +236
A recent database leak has seen the usernames and phone numbers of 4.6 million Snapchat users released to the public. SnapchatDB, which has been set up by an anonymous, unaffiliated group, has posted two files (a CSV and SQL dump) that contains the data of Snapchat users, obtained through an unpatched exploit.
The final two digits in each user's phone number has been censored in an effort to "minimize spam and abuse". However it will still be easy for anyone to search the database for a certain person and discover their (partial) phone number, especially if they use the same username for Snapchat as other places like Twitter.
SnapchatDB says that anyone can contact them to ask for an uncensored database, which might be an indication that the team will sell the data. Although SnapchatDB claims the data represents a "vast majority" of users, it's far from complete: all users are from North America only, making up 76 of 336 United States area codes, and two from Canada.
The leak comes just shortly after Snapchat admitted there were some security issues with the 'find friends with phone numbers' feature, issues which Gibson Security discovered in August, but went ignored. According to Gibson, it was possible to check 10,000 numbers in seven minutes, and with a list of every phone number in the US, stealing information would be quite easy despite Snapchat's attempts to downplay the issue.
The good news is that the exploit has been patched, so no more data can be collected for the rest of Snapchat's userbase. But the exploit shouldn't have been there in the first place, which just goes to show that you can't trust all startups with your private information.
To check if your username/phone number combination has been released in the leak, head to Snapcheck.org.