More than 4 Million SnapChat phone numbers, locations, and passwords have been stolen and leaked and made public. The database was put up on a site, SnapChatDB.info, where anybody could download the file. And while the site has been taken down, people who grabbed that file are already putting it to use.
Before the site was taken down, the person or persons behind the hack and SnapChatDB said that people may want to use the information “to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”
Also, before the site was taken down, as we mentioned, several individuals and organizations downloaded that database. At least one of them put it up, he says, so that people can check to see whether their phone number and username are part of the hacked information.
However, and this is a big “however” – going to such a site and entering your phone number or username also confirms to whomever put it up that there is someone at that telephone number who cares about whether that telephone number was compromised. Meaning the phone number is live, with a live user on the other end of it.
Making that telephone number much more valuable.
One such site is set up at SnapCheck.org, which was set up by data scientist Vik Paruchuri. We have been in touch with Vik, and he checks out ok – so we are inclined to trust that he has put it up for purely altruistic reasons.
As he explained in an email interview with us, “After checking to see if my own information was in the Snapchat leak, I set out to make snapcheck, a site that allows anyone to easily do the same. Discovering that your information has been leaked lets you take steps to protect your privacy, and I wanted everyone to have that ability. No data is stored on my server, and the version of the data that I have omits the last two digits of the phone numbers, making them anonymous.”
Vik also reassured us that he is not keeping the data that gets entered at the site.
You can look up your SnapChat username and telephone number, to see if they are part of the breach, at SnapCheck.org.
Of course, the bottom line is that knowing whether or not your phone number has been compromised may not really matter much one way or the other – if you’re an adult – it’s not as if you are going to run out and change your telephone number if it’s on the list of stolen phone numbers and usernames. Sure, you can cancel your SnapChat account and open another one with a different username (we think), but it will still be the same telephone number.
But, millions of teenagers use SnapChat. And that your teenager’s telephone number could be in the hands of a malicious actor – this is a nightmare for parents.
So, if you are a parent of a teen who uses SnapChat it’s time to have a very serious talk with your child about what to do if they get a call or text from a number they don’t recognize!
Blogger Stefan Vetter managed to snag an interview with the hacker, in which the hacker says, among other things, that they did this becauase “We value privacy and we want companies to share our values. Granted, startups have limited amount of resources but security should never be a secondary goal. User experience is highly correlated with security. Our motivation behind this release was to raise the public awareness on the issue, and also put public pressure on Snapchat to get this exploit fixed.”
As the hacker explains in the interview, it was relatively easy to grab the data due to a security hole that had been exposed, and which still remained unpatched following the breach, and as of the time of that interview.
|Get notified of new Internet Patrol articles!
You might also like some of our other articles: