Mobile photo sharing app Snapchat has been hacked, with some 4.6 million user names annd phone numbers apparently exposed. At least one website has been set up that purports to allow you to check if your account has been breached, however.
A company spokeswoman would only say that Snapchat was in the process of assessing the situation.
Snapchat, which allows people to send pictures which self-destruct within 30 seconds, has become one of the most frequently downloaded Android and iOS applications, and has attracted the attention of some deep-pocket investors, including Facebook, which recentlly tried to buy it for $3 billion.
The hacked Snapchat account info was published on a now-offline website called snapchatDB.info, which redacted the last two digits of each user’s phone number. The intent of the anonymous hackers was apparently to demonstrate to Snapshat that its system was insufficiently secure. Gibson Security had previously issued a warning that Snapchat was vulnerable owing to a security hole.
SnapchatDB offered an explanation to TechCrunch about the release of the Snapchat personal information:
Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does. We used a modified version of Gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to taking the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent…”
In a December 27 blog post, Snapchat said it implemented varous secuirty safeguards and additional counter-measures to ward off hackers.
If you’re a Snapchat user, you may be able to check to see if your account has been compromised at GS Lookup – Snapchat. According to the LA Times, “Unfortunately, affected users can’t do much about the situation since their data is already out there, but they may want to change their passwords and keep an eye on their accounts for any unusual activity.”
Given the Snapchat hack, would this give you any second thoughts about using the social media app?