SNAPCHAT USERS – WHO include 11 per cent of the population of Ireland – have been warned that their phone numbers and usernames may have been put online.
A site called SnapchatDB, believed to have been set up by hackers, claims that it is a database that “contains username and phone number pairs of a vast majority of the Snapchat users”.
Snapchat is an app that allows users to send each other video and photos with messages, all of which disappear within 10 seconds.
Today, SnapchatDB said on the site:
This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.
The site owners added: “For now, we have censored the last two digits of the phone numbers in order to minimise spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.”
On 27 December, Snapchat – which was created by two Stanford students, Evan Spiegel and Bobby Murphy – said that a security group posted documentation for the app’s private API on Christmas eve.
“This documentation included an allegation regarding a possible attack by which one could compile a database of Snapchat usernames and phone numbers,” said Snapchat.
They continued that theoretically, if someone were able to upload a huge set of phone numbers, they could create a database of the results and match usernames to phone numbers.
In the 27 December statement, Snapchat said that it has recently added safeguards and counter-measures to make this difficult to do, and is continuing to make improvements to combat spam and abuse.
The comment came after Gibson Security, which is a group of Australian anonymous hackers, published a report on a vulnerability with Snapchat that could be exploited to potentially reveal user data.
Today, Gibson Security tweeted that they “know nothing about SnapchatDB”, but added “it was a matter of time til [sic] something like that happened”.
Tech website TechCrunch said it had originally speculated that the database website might be a hoax – until at least one of its editorial team found their own number on the site.