Fast-growing disappearing-message service Snapchat has been the target of a hack which revealed the usernames and phone numbers associated with 4.6 million accounts.
Less than a week ago, the Snapchat founders were warned by security experts from Gibson Security that their databases were unsecured against such an attack, but the startup failed to act swiftly enough to fix the problems before being targeted by hackers.
In a blog post last Friday, Snapchat claimed that it had implemented safeguards against similar attacks, but this appears to be incorrect: the hackers used a method only slightly different from the exploit exposed by Gibson Security.
The hackers who stole the information published it to a website at snapchatdb.info earlier this week, with the website having since been suspended.
TechCrunch spoke with those responsible for the hack, who explained their motivations:
Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.
We used a modified version of gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to take the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.
We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness.
With a service so focused on the temporary, and one that many people use for “sexting” among other things, security should certainly be more of a priority at Snapchat; one hopes this hack will have reminded the company of that fact.
If you’re worried your information might have been exposed, you can use this tool from Gibson Security to check if your details are among those leaked.