Hacker

4.6 million SnapChat phone numbers and usernames captured using API exploit

Recently we reported on the known vulnerabilities in Snapchat and Anonymous hackers have claimed to use the reported Snapchat API exploit to compile a database of 4.6 million Snapchat usernames and their associated phone numbers and geographical regions. The site, SnapchatDB.info, offers the information as a 40MB SQL database dump or as a CSV file. Instructions on the pages say,

“You are downloading 4.6 million users’ phone number information, along with their usernames. People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”

It is clear that the hackers are trying to prod Snapchat to acknowledge the severity of their security holes and make the needed patches. They claim that the database “contains username and phone number pairs of a vast majority of the Snapchat users.”

SnapchatDB claims that this information:

“is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.”

In order to not make the information too useful to black hat hackers, the last two digits of the phone numbers have been blurred out (redacted) “in order to minimize spam and abuse.” The hackers, however, make it clear that they may release the uncensored database somehow in the future. “Under certain circumstances, we may agree to release it,” they write.

If you want to see if you are in the database, you can check here.[signoff predefined=”Enjoy this?” icon=”icon-users”][/signoff]Via