Days ago, Gibson Security wrote a post about a security flaw in Snapchat that would allow a hacker to dig up users’ phone numbers. And now someone has done just that.
In fact, that someone nabbed not just phone numbers, but usernames--some 4.6 million in total--and posted them (with the final two digits omitted for a shred of privacy) on a new site called SnapchatDB.info.
Credit: Flickr Lane Fournat
We can’t confirm this with the source of the information (SnapchatDB.info) because the site is down. If you visit the site, all you see is a message stating, “This account has been suspended. Either the domain has been overused, or the reseller ran out of resources.” It’s not clear if the host pulled the plug, if the site creators took it down themselves (voluntarily or not), or if it’s just crashed.
Thus, all of this is from third-party sources. Still, all signs point to the leak being real. A TechCrunch report noted that at least one member of its editorial team was affected. Others have noted that the numbers on the list include just 76 U.S. area codes (and a couple from Canada), which indicates both that there are many more usernames and phone numbers that have likely been compromised and also that whoever posted them did so as a ploy for Snapchat’s attention to a dangerous security problem.
Snapchat needs to jump on this straightaway. If, as Gibson Security alleged, the company knew about the problem as far back as August, Snapchat has some explaining to do.