Snapchat hack: 4.6 million users have been affected

Hackers claim that 'even now the exploit persists' after releasing phone numbers and usernames of millions of individuals

James Vincent
Thursday 02 January 2014 11:01 GMT

Hackers have published the usernames and phone numbers of more than 4.6 million Snapchat users in order to “raise public awareness on how reckless many internet companies are with user information”.

A site hosting the data went live on New Year’s Day but has since been taken offline, with individuals claiming responsibility for the hack telling technology site The Verge that this was “not due to legal action but due to the hosting provider being intimidated by the overwhelming attention.”

The hack comes after Australian-based security researchers Gibson Security announced on Christmas Day that they had discovered a flaw in the photo-sharing app’s code. Two days later Snapchat acknowledged the existence of the vulnerability and said they had “ implemented various safeguards” to protect users’ data.

However, after posting the data online, individuals claiming responsibility for the hack said that “once we started scraping on a large scale, [Snapchat] decided to implement very minor obstacles, which were still far from enough.

“Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.”

The researchers who first highlighted the problem have stressed that they are unaffiliated with the hackers and do not condone their actions. They have also created a website allowing individuals to check if their information was leaked. Individuals in the UK should be safe as the hack mainly affects Snapchat’s eight million American users.

"We think this is has really damaged Snapchat's reputation of being an app you can trust," Gibson Security told The Independent.

"The user base will probably not change dramatically, but the demographics Snapchat are trying to target and make money off, will probably think again before they download an app like Snapchat."

Text on the website hosting the data had originally informed visitors that they were “downloading 4.6 million users’ phone number information, along with their usernames.”

It also offered the advice that “people tend to use the same username around the web so you can use this information to find phone number information associated with Facebook or Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”

The last two digits of each number were censored by the hackers to “minimize spam and abuse,” although uncensored data is reportedly available on request. The alleged hackers say that individuals requesting this data include “security researchers from around the world, professors from various universities, private investigators and attorneys.”

Snapchat has yet to comment on the incident although founder Evan Spiegel - whose phone number was apparently included in the hack - tweeted that the company was currently "working with law enforcement" and will "update when we can".

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in