January 1, 2014

Use Snapchat? Well your data may have already been stolen.

Last week, security specialists from the Gibson Security team revealed a vulnerability in Snapchat's database that would allow a hacker to user's information. Before Snapchat could address the vulnerability, someone decided to take all the information they could - and tell the world.


Snapchatdb.info has supposedly assembled a list of 4.6 million Snapchat user's phone numbers and usernames. They have published this on their website in both SQL and CSV form for the public to download. Neither were downloadable when we attempted. We faced a 503 error, presumably due to high demand for the information. The WHOIS for the website has been blocked so we are not sure at this time who is behind this. We cannot verify their claims but they have posted a sample of what their data looks like.


The owners of the website state that they did this to "raise awareness" about how companies store their end user's personal information. Currently, the last two digits of the phone numbers have been blocked but they have said that "under certain circumstances", they will release an uncensored list. They have also posted a list of all the area codes that they have collected.


Even with the last two digits blocked, users phone numbers can be determined with some social engineering like phone numbers and usernames on social networking sites such as Twitter or Facebook. This infiltration affects both iOS and Android users. If you have ever used Snapchat, please be aware that if this is legitimate, your information may be floating around on the internet. Try not to include personal information on social networking sites and think before you click. This is really an eye opener and definitely not a great start of 2014. And you thought screenshotting was bad.

UPDATE 1/1/2014 11:18 AM:
Snapchatdb.info is now offline because of a "suspended domain". For now the account information is unattainable from the website.

UPDATE 1/1/2014 12:13 PM:
Although the original source, snapchatdb.info, is down, the database has been uploaded on several mirrors.
On the bright side, you can now check if your username was part of the leaked information, thanks to Gibson Security.

Source - Snapchatdb.info 
Via - Engadget