As many as 4.6 million Snapchat users have had their usernames and telephone numbers leaked, according to the group that posted them publicly online.
The apparent breach, which Snapchat is yet to comment on, came a matter of days before Australian researchers from Gibson Security detailed a way to access such information from the photo messaging company.
“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way,” the company admitted.
Yet the information was accessed and subsequently published by an unknown hacking collective on a website called SnapchatDB, using Gibson Security methods. “The company [Snapchat] was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it,” a message accompanying the leak read.
Whilst the last two digits of people’s numbers have been blanked out in the published data, security experts remain concerned about the potential for abuse.
“An obvious concern is that many people on the internet adopt the same username on multiple services, perhaps making it easy for unauthorised parties to determine the private phone numbers of – say – Twitter or Facebook users,” wrote security expert Graham Cluley, in his blog.
“And, of course, it’s possible that you have been flirting with someone via Snapchat that you didn’t want to have access to your phone number. Snapchat, you will remember, is designed to let you send a sexy snap that is only supposed to be viewable for a few seconds before it is destroyed.”
Snapchat had not responded to a request for comment at the time of publication.
UPDATE: Following this news, Massachusettes-based programmer and Snapchat userVik Paruchuri has released Snapcheck, a website where users can enter their Snapchat username or mobile phone number in order to see if their information has been leaked.
What do you know about Internet security? Find out with our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…