A group of white hat hackers(hackers without malicious intent) known as Gibson Security appear to have hacked into databases of photo messaging app Snapchat. They have posted around 4.6 million usernames and related phone numbers on a website SnapchatDB.info. While the data itself is downloadable but as of now they have hidden the last two digits of the phone numbers just to protect user’s privacy. However, the site by the anonymous hackers clearly said that, “For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.”
By late Wednesday morning the website snapchatDB.info was inaccessible as it might have been suspended.
Hackers were reportedly trying to bring to attention some security loopholes within the snapchat app, which despite a recent update from snapchat remains an exploit. So to bring home their point of view they hacked the Snapchat database using the same exploit and posted the partial data online. The anonymous hackers said they used an exploit created by recent changes to the app, which lets users share photos or short videos that disappear after a few seconds.
In a statement to technology blog Techcrunch the hackers said “Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does”.
Earlier it was supposed to be a hoax by Gibson Security just to create awareness about the Snapchat exploit. However it turns out that real people data has been compromised with Techcrunch reporting one of their editorial members Snapchat data being compromised. Some websites have even reported Snapchat founder Evan Spiegel in the list.
In a recent blog entry Snapchat said “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
Snapchat has been one of the top most smartphone app of 2013 and if such security breach occurs users may flee away to other secure apps like Whatsapp, line or Wechat. As of now Snapchat’s response looks like escapist and not up to the mark. Let us see if they are able to able to fix the glitch and provide secure service to their users.