A New Year gift for the Snapchat team has been delivered in the form of a hack: 4.6 million usernames and associated phone numbers of most Snapchat users have now been published on the SnapchatDB website.
The story of the security vulnerabilities inside Snapchat’s servers began in August 2013, when the white-hat security researchers of Gibson Security found the loophole and tried to contact the team behind the “disappearing messaging” service. When the team ignored the research, Gibson Security published the way to access the usernames and phone numbers on its website. Then came the response from the Snapchat team, which said that a “counter-measure” had already been implemented and did not take the warning very seriously.
The released database of 4.6 million users, in the form of an SQL dump and a CSV file, contains the “vast majority” of users. The hacker claimed that the information was acquired after the company applied its recent “counter-measure” patch, and that it was released to raise awareness of the issue. As they mentioned, Snapchat was really too reluctant to patch the exploit, even though it holds millions of usernames and other details, including phone numbers and regions.
Meanwhile, the last two digits of the phone numbers in the published database have been censored. Though the homepage claims that this was done to minimize spam and abuse, the real intention may be to get real attention from Snapchat. Gibsonsec hasn’t profited from its research by only finding the exploit, but this hacker (who knows who it is?) could grab some serious attention from the company.
However, the released half-censored information is enough to find someone’s phone number from their username, if they used the same username on Twitter or Facebook.
Some revelations from the leaked database:
- 2 Canadian area codes are listed in the database: area code 867 (The Far North) and 204 (Manitoba)
- Around 248 U.S. area codes are not included
- These states' area codes are not included in the database: Wyoming, West Virginia, Vermont, Utah, Rhode Island, Oregon, Oklahoma, North Dakota, North Carolina, New Mexico, New Hampshire, Nevada, Nebraska, Montana, Missouri, Mississippi, Maryland, Kansas, Hawaii, Delaware and Alaska.
One guy has already developed a tool that lets users find out whether their username is included or not. Just go through this link to check whether your name and phone number were leaked in the SnapchatDB database.
[Source] [Via: Hacker News, Reddit]