More than 4.6 million affected by Snapchat hack - WTOC-TV: Savannah, Beaufort, SC, News, Weather & Sports

Snapchat hack leaks info on 4.6M users

Posted: Updated:
The information on the hacked users was posted to a now-defunct website registered in Panama. (Source: MGN) The information on the hacked users was posted to a now-defunct website registered in Panama. (Source: MGN)

(RNN) - More than 4.6 million users of the popular chatting app Snapchat had their phone numbers released in a massive hack that took place in the last week.

The hack comes on the heels of several complaints about the application's security measures and warnings from internet security firms.

The information was posted at the now-defunct www.snapchatdb.info. According to a who.is search, the site was created Tuesday in Panama.

"Our motivation behind the release was to raise awareness around the issue and also put public pressure on Snapchat to get this exploit fixed," the group, SnapchatDB, said in a statement to TechCrunch. "It is understandable that tech startups have limited resources, but security and privacy should not be a secondary goal. Security matters as much as user experience does."

Snapchat, which allows users to send photos and videos to others that disappear seconds after they are opened, said in a blog post Dec. 27 that although the numbers were released, it would make it nearly impossible to identify users with phone numbers.

"Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way," Snapchat said in its blog.

While the site does allow people to look up usernames based off numbers in their contact list, "we don't support the ability to look up numbers based on someone's username," the blog post read.

However, people could still find the names associated with the numbers using reverse lookup websites.

For people who were hacked, not all is lost – the last two numbers of the information posted were blurred out by the hackers.

"We wanted to minimize spam and abuse that may arise from this release," SnapchatDB said in its statement to TechCrunch. "Our main goal is to raise public awareness on how reckless many internet companies are with user information."

Online security group Gibson Security publicly posted the exploit Dec. 24, along with a site for Snapchat users to find out if their information was leaked at lookup.gibsonsec.org.

This isn't Gibson Security's first run-in with Snapchat, which they criticized for not addressing security matters.

"Given that it's been around four months since our last Snapchat release, we figured we'd do a refresher on the latest version and see which of the released exploits have been fixed (full disclosure: none of them)," Gibson Security said in its foreword on the exploit release.

In November, Snapchat turned down an almost $3 billion acquisition offer, all in cash, from Facebook. Snapchat CEO Evan Spiegel told TechCrunch in November that users receive more than 400 million snaps each day through the service.

Copyright 2014 Raycom News Network. All rights reserved.

Powered by WorldNow