Snapchat, the iPhone and Android app that lets you send self-destructing photos to friends, has had a security breach that affects a huge number of its users. The Next Web reports that the usernames and phone numbers of 4.6 million users have been leaked on the website SnapChatDB.info, which has since been suspended. The breach was apparently carried out by “security researchers who claim they have no malicious intent”, but the website had made all of those usernames and phone numbers freely downloadable as a CSV file and an SQL database. Whether intended or not, such data could be used for malicious purposes.
Australia-based security agency Gibson Security had recently reported two exploits in Snapchat that hackers could use to gain access to this data. The SnapChatDB hackers claim that the app’s makers didn’t take this warning seriously, so they initiated the breach to demonstrate the vulnerability. They told The Next Web:
Snapchat’s response to Gibsonsec was simply not enough. When communicated privately, Snapchat disregarded the submission and didn’t even implement rate limiting. Gibsonsec’s full disclosure doesn’t work as-is anymore. But it still does with very minor modifications. Millions of people are trusting Snapchat with their private data and if Snapchat doesn’t care enough to implement something as simple as rate limiting, we think the public needs to know how reckless they are.
So how do you find out if you have been affected? Two developers have set up a website to check whether your username or the associated phone number was part of the leak. According to them, only specific areas of the US were affected, and if you’re outside the US you are probably fine; but we recommend you still check to be on the safe side. The site also offers a few suggestions for what to do if your account was leaked.
Source: The Next Web