In a savage indictment of how weak security systems are at new-fangled social media and messaging apps, a group called SnapchatDB hacked the usernames and phone numbers of 4.6 million users of the popular Snapchat photo-messaging app.

Snapchat

Snapchat cool to warning

The group wrote to TechCrunch, claiming it obtained the information through an “exploit” that had been alerted to Snapchat by Gibson Security.

Apparently, Snapchat paid scant respect to Gibson’s warning and “was reluctant to taking the necessary steps to secure user data,” alleges SnapchatDB’s communication to TechCrunch. Snapchat did post a rather nonchalant response here.

Hacked data posted to the web

Piqued, SnapchatDB has now taken the unprecedented step of posting the hacked information to the Internet as a downloadable database, and there are fears that the compromise could affect millions. However, the group claims, “Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.”

It’s beyond comprehension that Snapchat appears to be dragging their feet on fixing this security issue. The hackers were kind enough to censor the information, and the last two digits of the telephones numbers appear blurred. But it may not stop here – the hackers have issued a veiled threat that they just might release the raw data.

Serious implications

According to TechCrunch, it is a common practice for people to use the same user IDs for various apps, and the Snapchat information could be used by nefarious interests to get their hands on contact numbers for people on Facebook or Twitter.

The incident is a blot on Snapchat’s reputation, a high-flying and valuable app that was viewed as the breakout consumer product of 2013. The company rejected buyout bids worth billions and has succeeded in securing multiple rounds of financing from high profile investors.