Millions of accounts compromised in Snapchat hack

7:56 AM, Jan 2, 2014   |    comments
  • Share
  • Print
  • - A A A +

 


 


(CNN) -- Hackers appear to have posted account info for 4.6 million users of quickie social-sharing app Snapchat, making usernames and at least partial phone numbers available for download.

The data was posted to the website SnapchatDB.info. By late Wednesday morning, that site had been suspended.

The hack was seemingly intended to urge Snapchat to tighten its security measures. The anonymous hackers said they used an exploit created by recent changes to the app, which lets users share photos or short videos that disappear after a few seconds.

"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does," the hackers said in a statement to technology blog TechCrunch.

In the statement, the hackers said they blurred the last two digits of the phone numbers they posted but were still considering whether to post more with the full number visible.

By Wednesday afternoon, developers had used the data to set up awebsite letting Snapchat users find out whether their accounts had been compromised.

Snapchat did not immediately respond to a message seeking comment.

Last week, Gibson Security -- a group of "white hat" hackers, meaning they don't exploit the security gaps they find -- published what they said was code that would enable such a hack. The SnapchatDB group said Snapchat implemented "very minor obstacles" after that.

"We know nothing about SnapchatDB, but it was a matter of time til something like that happened," Gibson Security wrote Wednesdayon its Twitter account. "Also the exploit works still with minor fixes."

In a blog post Friday, Snapchat appeared to minimize the potential damage from such a hack, claiming that it would require a "huge set of phone numbers, like every number in an area code," to match usernames to numbers.

"Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse," the post read. "Happy Snapping!"

Check out some of our most read stories from 2013:

#shortyellows: Florida quietly shortened yellow lights

Terrorism Warning: Memo says terrorists practicing dry-runs on Florida flights

Kittens shot: Officer shoots kittens in front of children

Courtroom apology: Woman apologizes for flipping off judge

Weird ice: Strange, giant circles appear on frozen pond

Controversial Club: College student organizes "White Student Union"

CFO Trouble: School administrative chief in trouble over her porn sex blog

Warning Shot Wife: Mother gets 20 years for firing warning shots at abusive husband

Science Arrest: Teen girl arrested over science project explosion

Wait, WHAT?? Dog shoots man in the leg with a handgun

Popular photo galleries:

Faces of Meth: Devastating before and after photos of meth abusers

Trayvon Martin Shooting: Trayvon Martin crime scene photos and George Zimmerman injury photos 

Hooters Winners: Winners of the 2013 Hooters swimsuit pageant

Rejected: Funny Florida license plates rejected by the DMV***warning graphic***

Deadly sinkhole: Home collapses, man dies in giant sinkhole

Popular Databases:

Florida Sex Offenders: Look up sex offenders in any Florida neighborhood here

Restaurant Inspections: Look up inspection reports for any Florida restaurant here


Most Watched Videos