Hackers leak 4.6M Snapchat usernames and phone numbers, see if you’ve been affected

By , Jan 1, 2014


Bad news, Snapchat fans: a group of anonymous hackers have successfully exploited a nasty security hole in the popular IM application to hijack a whopping 4.6 million usernames and phone numbers, publishing this private data on a website called SnapchatDB.info.

The circa 40MB SQL database dump (also available as a CSV file) includes phone numbers and usernames, along with the affected users’ geographical region information.

Why did they do it? The leaked private information “is being shared with the public to raise awareness” of a Snapchat API exploit they’d used for the hack.

Snapchat has been aware of the security loophole in its application since August, but did literally nothing to patch it. Is there a way to see if you’ve been affected? Yes, there is. Read on for the full reveal…

It’s scary to think that anyone could get someone’s phone number off the leaked Snapchat database. At post time, the SnapchatDB.info website was offline with a message saying “This account has been suspended”.

“Either the domain has been overused, or the reseller ran out of resources,” reads the message.


According to Forbes, the website originally informed the general public that the leaked usernames of Snapchat users could be leveraged to obtain their Facebook and Twitter profile names:

You are downloading 4.6 million users’ phone number information, along with their usernames. People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.

As if it’s any consolation, the hackers caution they’ve “censored the last two digits of the phone numbers” in order to “minimize spam and abuse”.

Fortunately, developers Will Smidlein and Robbie Trencheny took it upon themselves to write a checker script that lets concerned Snapchat users check whether their account is included in the leaked information.

Just visit this URL (or this one) that hosts the script and type in your Snapchat username to see if your account has been compromised.

The Verge sat down with the alleged hackers who were quick to note that even now the Snapchat API security hole persists.

Although the database dump is no longer available online, there are no guarantees that it won’t resurface or get sold to third parties. The hackers acknowledged as much: they’re offering the uncensored database to “security researchers from around the world, professors from various universities, private investigators and attorneys,” according to the article.

“Snapchat hasn’t made any efforts to contact with us but seeing how they disregarded [Gibson Security’s] communication attempts, and how they reacted after they noticed the scraping was going on, I don’t think they care enough,” the group behind the leak told The Verge.

In any event, you should immediately update your Snapchat login credentials and change your username. And if you’re using the same username and phone number on Facebook, Twitter and other social media accounts, consider re-registering for Snapchat with another phone number.

By the way, adding a phone number to your Snapchat account is completely optional.

Snapchat is available free in the App Store.

  • chumawumba

    I’m pretty sure 90% of these usernames are of 15 year olds.

    • ✪ aidan harris ✪

      That isn’t the point. As far as I know the point is that hackers have attempted to notify Snapchat multiple times about security flaws and they’ve just straight up ignored them…

    • Anounymous

      I just checked. Nope.

  • Ben

    I am not affected. Wow.

    • Andrew Roth

      I’m not either. :)

  • Question

    Luckily I don’t have Snapchat :D

  • Windy Joseph

    Mine wasn’t leaked. I am very big on privacy; that is why applications such as Facebook, Snapchat, Instagram, or anything that requires access to my contacts, I installed on my iPad or iPod. The capabilities of what people are able to do with technology are mind-boggling.

  • Bradley Wyatt

    You must have written this yesterday. The domain has been suspended. It’s on thepiratebay now

  • Derp

    This has never been more appropriate: OWNED!

  • JayPe1104

    Site has been taken down

  • jack

    oh snap

    • Tre Scaggs

      LOL I see what you did there.

  • Liam Mulcahy

    Those hackers are douchebags and give people like the evad3rs a bad name.

    • ConduciveMammal

      No they don’t. People knowledgeable in that area of expertise know the difference. These guys are what’s known as “Black Hat hackers” they hack into systems to cause harm.

      The Evad3rs are known as “White Hat hackers”, people who hack systems for a good cause. Security experts hack systems such as Facebook and Apple and instead of selling the hack on the black market, they alert the system owners of what they’ve found so that they can fix it.

      • Edoc

        “These guys are what’s known as “Black Hat hackers” they hack into systems to cause harm.”

        Yea, trying to make a company fix their security is “to cause harm”..

        Seriously, these guys are the good guys. If after half a year of trying to make them fix it they still ignore you, for the sake of the people, you have to make everybody know of it and put pressure, and this is quite a harmless way of doing it.

        Next time read the damn post before commenting.

  • TripleXero

    I honestly don’t care if my username or number was leaked. There was no password, and I’m sure someone isn’t going to go through the millions of numbers to find mine specifically, and what would they do with it? Call me?

    • roygelbart

      They can find your location with your cellular phone number.

      • Micaiah Martin

        the CSV file has their location in it.

    • Jonathan

      Sell your number to spammers maybe?

  • Micaiah Martin

    Am I the only one who thinks that SnapChat deserved this. It’s kind of like a slap in the face to them. Look at it, they knew about this security hole for awhile and yet did nothing about it. I think they deserve this and I applaud the hackers….mainly because hackers are awesome when they do stuff like this.

    • ConduciveMammal

      The effect on SnapChat isn’t really the main concern here though, is it. The main concern is the 4.6 million users that have been affected

      • Edoc

        Affected how? The phone numbers are censored, the only thing truly leaked is 4.6m usernames.. which are USELESS.

        These people did a good thing. If the company doesn’t wanna fix their security holes after being told for half a year, then this is the only way to make them pay attention.

      • http://www.datpiff.com/profile/Nuff_Saidd Nuff Said

        Just curious, where did you get half a year from?

      • Micaiah Martin

        it’s nearly been a half of a year since snap chat knew about the security exploit.

      • Edoc

        Well, I simply read the stuff before posting, it clearly says August, which makes it more than 5 months ago, nearly half a year..

      • Micaiah Martin

        well then, it’s their fault. They put their trust in a company that obviously doesn’t give a crap about security.

  • InfinitePlusOne

    Anyone downloaded it? Can’t find to see if I’m affected

  • Dosen’t Matter

    Am I the only one who never used Snapchat

  • FCBKris

    My username was leaked ! what do I do ? Help plz

    • chumawumba

      Cry

      • FCBKris

        Gtfo

    • Brad Lee

      Close the account and open a new one if you have to use snapchat. Remove your phone number from your snapchat too or call your mobile phone company and let them know you were a part of it and would like a new number. Good luck!

  • http://twitter.com/jmarsh5 Justin Marshall

    Start sarcasm: No way, I would have never thought this would happen!

  • JomanJi

    Well, their website is suspended…

  • Jonathan

    Yeah. I never liked Snapchat.

    So after the compromise, you’re having a link to the download? wow.

    • Micaiah Martin

      there are files uploaded to mediafire that I found.

  • Jeremy

    My information wasn’t leaked. :)

  • Abdl

    Somebody help me get something straight. If they have access to people’s names and numbers, what are they going to do with them? I mean how useful is it to them?

    • Brad Lee

      They could use that info to find people in real life and since mostly kids and teens use Snapchat, that’s a lot of risk to a very young group of people. It’s a shame!

  • Tahir Ahmetovic

    Is the website down? Cause I can’t get on

  • Jimothy

    Since they knew of the exploit, does that give grounds for some sort of law suit?

    • John

      yeah because with the info that has been released they could become spam callers

  • Reyas Mohammed

    Luckily I didn’t install Snapchat even though it was showing in Top free apps ;)

  • Tre Scaggs

    I was like what’s snapchat?!?

  • Eric Peterson

    Safe :)

  • Micaiah Martin

    I have found the files. They are still online.

  • Tony Trenkle Jr.

    Anyone know who that blonde is in the Snapchat ads? Was hers one of the ones hacked?

  • n0ahcruz3

    no FB,twitter,snapchat here.. Only disqus lol

  • Joe Benning

    Those girls are hot.

  • Hugh Jass

    Watch you think about my ass

  • Hugh Jass

    911

  • Hugh Jass

    porn

  • Hugh Jass

    aa

  • Hugh Jass

    jhjyhhj

  • Hugh Jass

    anal

  • Hugh Jass

    penis

  • Hugh Jass

    cum stains

  • Hugh Jass

    or poop on the R.V.

  • Hugh Jass

    I’d say nice try, but it wasn’t

  • Hugh Jass

    You cum burping gutter slut