Nation & World News

Alleged Hackers Explain Reasons For Posting Snapchat Data

By Bill Chappell on January 2nd, 2014

After millions of Snapchat usernames and other data were posted online, a group is saying it revealed the partial phone numbers and other information because the social-sharing service didn’t do enough to increase its security. The popular service allows users to send images that vanish 10 seconds after they’re seen.

Some 4.6 million Snapchat usernames and matching phone numbers were published online late Tuesday, a week after the hacking research group Gibson Security posted instructions for how to access Snapchat users’ information. The data were posted online this week — minus the final two digits of all the phone numbers.

Snapchat had previously acknowledged the vulnerability, which Gibson Security says it pointed out in August. The security group says it did not retrieve the data that were posted this week.

Others have claimed responsibility for the leak. And they told The Verge what they were thinking:

” ‘Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed,’ they say. ‘Security matters as much as user experience does.’ ”

The hacking “exploit” that exposed users’ data relies on a feature in Snapchat that lets people find their friends by comparing their phone’s contacts list against phone numbers that are already registered with the service.

On Dec. 27, the company said that in theory, “a huge set of phone numbers, like every number in an area code, or every possible number in the U.S.” could be submitted, which could then yield a large list of matching usernames.

Those remarks come from a blog post in which Snapchat — which has reportedly rejected multibillion-dollar purchase offers from Google and Facebook — said it had taken several steps to improve security. The company has not posted an update on the issue.

“The linking of phone numbers to usernames in accounts from major cities within the United States and Canada is a private information disaster that could have been avoided if the company had acted when repeatedly warned,” ZDNet reports. “Gibson Security told ZDNet that fixing the threat would have only cost Snapchat ten lines of code.”

If you’re a Snapchat user who wants to see if your account was affected, you might want to consult a page posted by Gibson Security today that lets you compare a username against the exposed database.

The page also includes instructions about next steps. They include deleting a Snapchat account and getting a new phone number.

Copyright 2014 NPR. To see more, visit http://www.npr.org/.

This entry was posted in News from NPR. Bookmark the permalink.

Comments are closed.

 

More Stories in News from NPR

Migrants arriving at the Lampedusa island harbor aboard an Italian Coast Guard ship early Sunday. Ships rescued 3,690 migrants in just one day from smugglers' boats on the Mediterranean Sea off the Libyan coast, the Italian Coast Guard says.

Italian Coast Guard Rescues 3,700 Migrants In Mediterranean

A series of small operations in a single day managed to pick up the refugees fleeing North Africa in smugglers’ boats in hopes of reaching Europe.


Mayor Stephanie Rawlings-Blake speaks during a media availability at City Hall, on Friday. The mayor announced Sunday that she was lifting a week-long 10 p.m. curfew that followed civil unrest over the death of Freddie Gray from injuries he sustained in police custody.

Baltimore Mayor Lifts Curfew

Stephanie Rawlings-Black announced via Twitter that she has rescinded the curfew effective immediately.


A boy crawls into the ruins of a collapsed building to look for usable things in Nepal capital Kathmandu on Sunday. Officials say they have found three survivors in the rubble a full week after a powerful earthquake.

101-Year-Old Man Among Quake Survivors Found In Nepal

Another man and a woman were rescued from wreckage in a village a full week after the devastating magnitude-7.8 earthquake that has more than 7,000.


Leg 5 from New Zealand to Itajai, Brazil aboard aboard Team SCA in March.

A Boat Of Their Own: All-Women Team Tackles Sailing’s Toughest Race

For the first time since 2001, an all-women team is competing in the Volvo Ocean Race, an around-the-world slog through some of the most unforgiving water on the planet.


American Pharoah #18, ridden by Victor Espinoza (left), races Firing Line #10, ridden by Gary Stevens, out of turn 4 during the 141st running of the Kentucky Derby at Churchill Downs on Saturday.

American Pharoah Wins 2015 Kentucky Derby

The Bob Baffert-trained horse, ridden by Victor Espinoza, was the favorite heading into the 141st Kentucky Derby at Churchill Downs in Louisville.


Thank you for your support

WUFT depends on the support of our community — people like you — to help us continue to provide quality programming to North Central Florida.
Become a Sustainer
I want to support FM 89.1/NPR
I want to support Florida's 5/PBS
Donate a Vehicle
Underwriting Payments