Someone claiming to be behind the reported leak of private account information on millions of Snapchat users says the goal was to raise public awareness about online security holes in the popular photo-sharing app.
A website called SnapchatDB.info went online on New Year’s Eve, offering for download what it said was a database containing the usernames and phone numbers of 4.6 million Snapchat accounts. (The last two digits of the phone numbers were blacked out.)
“This database contains username and phone number pairs of a vast majority of the Snapchat users. This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue,” the site said.
“The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.”
By Wednesday morning, the site was taken down, but not before several visitors said they managed to download the database.
In a follow-up statement Wednesday to several tech media sites, including The Verge and TechCrunch, SnapchatDB said:
“Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.”
TechCrunch said one of its readers found his own number, as well as the number of Snapchat co-founder Evan Spiegel, on the leaked list.
Snapchat officials did not immediately respond to an email request for comment from NBC News.
The company was founded just two years ago by Spiegel and Bobby Murphy, two former Stanford University fraternity brothers. Its photo-sharing app for smartphones has been a big hit among teens, who like it because the often-embarrassing or racy images they snap automatically disappear shortly after they’re sent.
In November, Snapchat reportedly rejected a $3 billion buyout offer from Facebook.
An Australia-based group called Gibson Security has been complaining for months that Snapchat’s app code is riddled with security holes. On Christmas Day, Gibson Security posted an online report that explained how the app could be hacked to expose user account information.
Two days later, Snapchat appeared to downplay the severity of the security concerns. In a blog post, the company said:
“Adding a phone number to your Snapchat account is optional, but it’s helpful for allowing your friends to find you. We don’t display the phone numbers to other users and we don’t support the ability to look up phone numbers based on someone’s username.
“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
Apparently, those measures weren’t enough.
First published January 1 2014, 1:44 PM