Millions of Snapchat users found their privacy compromised on New Year's Eve. Credit: Snapchat A group of hackers posted the phone numbers and usernames of 4.6 million Snapchat users on Tuesday night on website SnapchatDB.info. Visitors were able to download Snapchat users' phone numbers attached with their usernames. The phone numbers' last two digits were censored, however, to minimize abuse.
SnapchatDB was taken down shortly thereafter, but a new website called GS Lookup allows Snapchat users to check and see if they were among those who were hacked.
On Dec. 27, Snapchat addressed the possibility of such a security breach on the company's blog: "Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do."
These hackers proved Snapchat wrong. The people behind SnapchatDB essentially said they were trying to teach the company a lesson. They told TechCrunch, "Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does."
The silver lining is that abbreviated phone numbers and usernames are fairly minor breaches of privacy. Snapchat has yet to address the incident.