Vulnerability Exploited to Leak the Phone Numbers of 4.6 Million Snapchat Users


Snapchat suffers data breachHackers have leaked the names and phone numbers of 4.6 million US-based Snapchat users in an effort to demonstrate that the recently disclosed vulnerability is more serious than the company has led users to believe.

News of the security hole, which plagued the friend finder feature in Snapchat, first surfaced back in August.

At the time, IT security firm Gibson Security warned that cybercriminals could leverage a flaw to obtain the phone numbers of users who had privately registered the information in order to allow their friends to find them more easily. Around Christmas, Gibson Security published another advisory.

“Seeing that nothing had been really been improved upon, we decided that it was in everyone’s best interests for us to post a full disclosure of everything we’ve found in our past months of hacking the gibson,” the company noted.

A few days later, on December 27, Snapchat published an advisory of its own, claiming that the attack method presented by Gibson was more theoretical. The company noted that the various safeguards they had implemented over the past year should make the attack more difficult to pull off.

However, unknown hackers have launched a website called SnapchatDB.info where they published the names and redacted phone numbers of 4.6 million internauts.

“This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue,” the individuals behind SnapchatDB.info wrote.

“The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.”

Following the leak, Snapchat published another blog post to assure customers that no other information has been compromised. The company has also promised to update its app to prevent abuse of the Find Friends feature.

SnapchatDB.info has been pulled offline. Meanwhile, Gibson Security says it has nothing to do with the website. However, the company is offering people an online service that enables them to find out if they’re impacted by the leak.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s