Snapchap app users are waking up to some sobering news Wednesday that information for some 4.6 million accounts have been leaked online through a website SnapchatDB.info.
Hackers identifying themselves as SnapchatDB took responsibility for the posting of the app's user data — a breach made possible by flaws in the service's security. The rogue hacker website contains a downloadable database with each user’s censored phone, username and region, blurring the last two digits of the listed phone numbers.
Back on December 27 Snapchat released a statement on the company's blog downplaying the exploit which was brought to their attention by Australia-based Gibson Security — ensuring users that it had implemented some obstacles to make accessing contact numbers "more difficult to do." Snapchat ended the post with "Happy Snapping" — a wish that's not so comforting now on New Years Day.
SnapchatDB hackers shared their motivation for the breach with The Verge, indicating that they gave Snapchat "a specific timeframe in which to fix a security flaw in their product before releasing details to the public" according to the post which confirmed the compromise of user data was not a hoax.
"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed," SnapchatDB told The Verge. "Security matters as much as user experience does."
For those unaware of the social-sharing Snapchat app which gained tremendous momentum in 2013 — the app allows users to share "fleeting messages" through photos and short videos that disappear from the screen within 24 hours. Adding phone numbers is optional, aimed at making it easier for others to find you as a Snapchat user.
"We know nothing about SnapchatDB, but it was a matter of time til something like that happened," Gibson Security wrote Wednesday on its Twitter account. "Also the exploit works still with minor fixes."
SnapchatDB told The Verge that "it isn't related to Gibson Security, implying they've only used Gibson's published methods to scrape user data and build a database."
Snapchat has not yet made an official comment on the leak even though hackers have implied they would release the data under "certain circumstances".
"Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it." wrote SnapchatDB on their website.