Earlier this morning a website appeared by the name of SnapchatDB, a website that had around 4.6 million Snapchat users usernames and corresponding phone numbers which were gathered using the exploit that Snapchat themselves acknowledged but downplayed the threat in a recent blog post. Talk about laughing in the face of danger.
So to roll in 2014 an anonymous group set up SnapchatDB that contained to files, a huge SQL dump and a large CVS text file, both of which contained the username, phone number, and location of some 4.6 million North American and some Canadian Snapchat users. Fortunately you’ll be pleased to hear that two of the numbers in the listed phone numbers were blocked out to “to minimize spam and abuse,” but SnapchatDB said to “feel free” to contact it for the unsensored list which it may release under certain circumstances.
The files also contained unedited usernames too which the website reminded those willing to download the files that “people tend to use the same username around the web.” and it also says, you can try to “find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”
Since the news initially broke this morning the website has since been taken offline whether that’s due to heavy load or the result of the authorities getting involved is yet unknown. I suspect the latter as this is quite sensitive information.
The worst part about this news is that the information collected by SnapchatDB was done by the supposedly ‘fixed’ exploit discovered by Gibson Security that Snapchat themselves acknowledged but downplayed. The company admitted they knew about the exploit and that they had “recently added additional counter-measures,” and would “continue to make improvements to combat spam and abuse.”
What’s more Snapchat is beginning to be the messaging app of choice between teens and younger smartphone users so chances are a hefty number of the leaked user information could belong to them.