A group of hackers called SnapchatDB has accessed information for around 4.6 million Snapchat users. SnapchatDB is urging Snapchat executives to increase security for the app as a result. The group posted the users' phone numbers in partial form, saying it had blurred the last two digits of each number. Snapchat is an app that lets users share photos and videos that self-destruct after being viewed once (or twice).
The data was posted on the website SnapchatDB.info. The SnapchatDB hackers used an exploit in the app to get into the system.
Below is a statement that SnapchatDB sent to TechCrunch:
Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.
We used a modified version of gibsonsec's exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec's private communications, yet they didn't. Even long after that disclosure, Snapchat was reluctant to take the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.
Now that the Snapchat executives know about the vulnerabilities in their code, it is time for them to make the fixes.