Snapchat hack believed to have hit 4.6 million users

‘Syrian Electronic Army’ attacks Skype in separate incident

The Snapchat app, which deletes messages after they are delivered. Applications such as Snapchat are gaining popularity for the perception of privacy, but the company’s privacy policy explains those images can be retrieved from its servers even after they are deleted. Photograph: J. Emilio Flores/The New York Times

The Snapchat app, which deletes messages after they are delivered. Applications such as Snapchat are gaining popularity for the perception of privacy, but the company’s privacy policy explains those images can be retrieved from its servers even after they are deleted. Photograph: J. Emilio Flores/The New York Times

Thu, Jan 2, 2014, 11:41

An anonymous group of hackers has dumped a vast database of what appeared to be 4.6 million Snapchat users’ mobile numbers and usernames, just days after Snapchat claimed it had safeguards in place to fix a security vulnerability that could divulge users’ personal information.

In a separate hacking incident involving a hugely popular social media application, the so-called Syrian Electronic Army, an amorphous hacker collective that supports Syrian president Bashar al-Assad, claimed credit yesterday for hacking into the social media accounts of internet calling service Skype.

A website called SnapchatDB released the vast database, which included usernames and phone numbers of Snapchat users in the US. The last two digits of each number were redacted by the group.

The site later appeared to have been taken down, but, while accessible, explained that the material had been published to “raise awareness” of the issue.

“This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it,’’ it said.

‘’For now, we have censored the last two digits of the phone numbers in order to minimise spam and abuse.’’

The site also said it might consider releasing the unredacted database ‘’under certain circumstances’’.

Snapchat is a mobile phone app which allows users to send instant, time-limited picture messages to each other.

A survey by research company Ipsos/MRBI suggested last year that some 43 per cent of Irish residents aged between 15 and 24 have a Snapchat account, with half of those using the app every day.

The publication of the user names and numbers came after details of the vulnerability was made public by an Australian security research group called Gibson Security on Christmas Day. The group outlined how the vulnerability could be exploited, and said Snapchat did not respond to it when it raised the issue months ago.

Gibson Security tweeted it had no involvement in the release of the user information.

‘’We know nothing about SnapchatDB, but it was a matter of time til something like that happened,’’ it tweeted.

After Gibson published its findings Snapchat said it took user privacy seriously and replied in a blogpost: “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way.

Irish Times News



News - direct to your inbox

Which Daily Digest would you like?