Snapchat hack: 4.6 million users have been affected

Hackers claim that 'even now the exploit persists' after releasing phone numbers and usernames of millions of individuals

James Vincent
Thursday 02 January 2014 11:01 GMT
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Hackers have published the usernames and phone numbers of more than 4.6 million Snapchat users in order to “raise public awareness on how reckless many internet companies are with user information”.

A site hosting the data went live on New Year’s Day but has since been taken offline, with individuals claiming responsibility for the hack telling technology site The Verge that this was “not due to legal action but due to the hosting provider being intimidated by the overwhelming attention.”

The hack comes after Australian-based security researchers Gibson Security announced on Christmas Day that they had discovered a flaw in the photo-sharing app’s code. Two days later Snapchat acknowledged the existence of the vulnerability and said they had “ implemented various safeguards” to protect users’ data.

However, after posting the data online, individuals claiming responsibility for the hack said that “once we started scraping on a large scale, [Snapchat] decided to implement very minor obstacles, which were still far from enough.

“Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.”

The researchers who first highlighted the problem have stressed that they are unaffiliated with the hackers and do not condone their actions. They have also created a website allowing individuals to check if their information was leaked. Individuals in the UK should be safe as the hack mainly affects Snapchat’s eight million American users.

"We think this is has really damaged Snapchat's reputation of being an app you can trust," Gibson Security told The Independent.

"The user base will probably not change dramatically, but the demographics Snapchat are trying to target and make money off, will probably think again before they download an app like Snapchat."

Text on the website hosting the data had originally informed visitors that they were “downloading 4.6 million users’ phone number information, along with their usernames.”

It also offered the advice that “people tend to use the same username around the web so you can use this information to find phone number information associated with Facebook or Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”

The last two digits of each number were censored by the hackers to “minimize spam and abuse,” although uncensored data is reportedly available on request. The alleged hackers say that individuals requesting this data include “security researchers from around the world, professors from various universities, private investigators and attorneys.”

Snapchat has yet to comment on the incident although founder Evan Spiegel - whose phone number was apparently included in the hack - tweeted that the company was currently "working with law enforcement" and will "update when we can".

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in