In case you haven’t heard, Snapchat has been the victim of a group of hackers over the new year. According to a statement received by TechCrunch, the hackers have made available more than 4.6 million user names and phone numbers tied to the service. The group responsible claims their actions weren’t taken for the sake of it (or for the lulz, as some of these folks would call it).
Their goal was to expose an exploit that Snapchat has supposedly ignored. The group claims to have warned Snapchat on several previous occasions, but Snapchat failed to take heed. They hope this episode gets Snapchat to take privacy and security more seriously, which isn’t a terrible proposition considering the service is supposed to be built on the very promise of privacy and security.
So how do you know if your account details have been compromised? The folks at Gibson Sec got their hands on the leaked info, and decided to put it into a database for anyone to look up. Simply search for your Snapchat username at this link, and it will tell you whether or not your information was stolen.
It’s a good thing that Snapchat doesn’t require a ton of information to make an account, as only usernames and phone numbers have been put out into the open. While that’s still scary business, most people would consider that information harmless.
Regardless, it’s an exploit that Snapchat is going to have to patch up if they’re going to continue to win the confidence of those who value security and privacy. Be sure to read on for the group’s full statement.
Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.
We used a modified version of gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to take the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.
We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness.