A recent Snapchat hack has left over 4.6 million usernames and phone numbers exposed. This news comes just days after the security research firm Gibson Security warned Snapchat of a vulnerability that would allow attackers access to this data.
While Snapchat was aware of the security issues with its friend finder feature, it dismissed them in a blog post written on December 27th, saying the company had “implemented various safeguards to make it more difficult to do.” The blog post goes on to explain how the hack would work:
“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way.”
And that’s exactly what the hackers did. A website called SnapchatDB.info quickly appeared, offering the usernames and phone numbers of 4.6 million Snapchat users. The hackers behind SnapchatDB.info explained to The Verge that they wanted to bring this vulnerability to light so that Snapchat would take it seriously. While the site has since been taken down, caches and mirrors of the database are still circulating on the internet.
This hack will create huge headaches for millions of Snapchat users, as changing a phone number is not as simple as changing a password. Users who have had their usernames and phone numbers exposed will now be vulnerable to SMS-based phishing and malware attacks. Users should be wary of calls and texts from unknown numbers. Snapchat has yet to formally respond to news of the hack, nor has the company patched the security hole.
To check whether your information was leaked in this attack, look up your username on Have I Been Pwned. We’ve covered Have I Been Pwned previously, after Adobe’s database hack.