Trust in Snapchat rocked as hackers publish 4.6m user details

2 Jan 2014

Revelations that hackers published the mobile numbers and usernames of 4.6m Snapchat users have rocked the post-and-forget mobile social app, drawing even more scrutiny to the social network favoured by teens.

The database of users’ details was published on SnapchatDB. However, the hacker group held back the last two digits of each mobile number.

Ostensibly, the hackers were attempting to draw attention to security weaknesses believed to be inherent in Snapchat.

“This database contains username and phone number pairs of a vast majority of the Snapchat users,” the hackers wrote on the the SnapchatDB site, which has since been suspended.

“This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.

“For now, we have censored the last two digits of the phone numbers in order to minimise spam and abuse,” they wrote.

Counter measures by Snapchat

However, Snapchat has said it welcomes efforts by security groups to highlight potential weaknesses.

“This week, on Christmas Eve, a security group posted documentation for our private API. This documentation included an allegation regarding a possible attack by which one could compile a database of Snapchat usernames and phone numbers. 

“Our Find Friends feature allows users to upload their address book contacts to Snapchat so that we can display the accounts of Snapchatters who match the phone numbers found in the address book. Adding a phone number to your Snapchat account is optional, but it’s helpful for allowing your friends to find you. We don’t display the phone numbers to other users and we don’t support the ability to look up phone numbers based on someone’s username.

“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse,” Snapchat said.

Snapchat is a popular photo messaging app developed by Stanford students Evan Spiegel and Robert Murphy in 2011.

It is popular among users between 13 and 23 years of age and photos remain visible on the app for up to 10 seconds.

Social networking giant Facebook had offered to buy Snapchat for US$3bn, but its owners spurned the offer. This was believed to have been subsequently followed up by a US$4bn offer by Google, which was also spurned.

Snapchat is famous for helping give rise to the popular – but annoyingly narcissistic – trend of people taking selfies with their smartphones.

The app has also courted controversy over claims it has been allegedly used to facilitate child pornography, with teenagers in North America ‘sexting’ explicit photos among each other via the app.

Cyberbullying image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com