4.6 million Snapchat usernames and phone numbers have been captured after hackers exploited a security flaw exposed by Australian white-hat hackers and posted the information online.
The usernames and phone numbers were published on a site called SnapchatDB.info, which as of Wednesday afternoon was suspended. It has since been taken offline but a cached version is still available.
The hack comes days after an Australian firm, Gibson Security, warned of vulnerabilities in Snapchat's app which it said could be exploited by hackers.
Gibson Security said it was not involved in the hack:
"We know nothing about SnapchatDB, but it was a matter of time till something like that happened."
SnapchatDB said:
"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.
We used a modified version of gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to take the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.
We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness."
Right now, the database is censored, blurring the last two digits of each user’s phone number. But the hackers, who are currently anonymous, hinted that they might be willing to turn over the raw data to the right party.
Gibson Security told Vice that anyone who has been affected should delete their Snapchat account and possibly change their phone number.
Author: Venkatesh Yalagandula