Oh dear. In an inauspicious start to 2014 for both Snapchat and its users, a website appears to have published user name and phone number information for 4.6 million accounts.
The leaked user info from SnapchatDB matches phone numbers to user names, and in some ways was in retrospect probably inevitable. Just a week ago, a group of researchers calling themselves Gibson Security not only publicised how easy it would be to acquire data like this from Snapchat, but detailed how one might go about doing it. And so someone has!
Fortunately — well, relatively — the minds behind SnapchatDB have shown some restraint, blurring out the last two digits of phone numbers to “minimise abuse”. They are offering, however, to show the full listings “under certain circumstances”.
The security hole that allowed the breach has since been patched, but it’s impossible to say if Snapchat did so before the information got into more nefarious hands. Which appears to be the point of SnapchatDB in the first place. According to its authors:
“This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.”
Hopefully SnapchatDB will hold itself to that same standard.
To see if your username is part of the leak, you can use this script — found by TNW — that was handily thrown together by developers Will Smidlein and Robbie Trencheny. And even if you seem to be in the clear, maybe now’s a good chance to make good on that resolution to protect your privacy that much better in the new year. [SnapchatDB]