Snapchat’s Security Vulnerability Exposed

In a savage indictment of how weak security systems are at new-fangled social media and messaging apps, a group called SnapchatDB hacked the usernames and phone numbers of 4.6 million users of the popular Snapchat photo-messaging app.

Snapchat cool to warning

The group wrote to TechCrunch, claiming it obtained the information through an “exploit” that had been alerted to Snapchat by Gibson Security.

Canyon Profits On Covid Crisis Refinancings

stimulus dealCanyon Partners' Canyon Balanced Funds returned -0.91% in October, net of fees and expenses, bringing the year-to-date return to -13.01%. However, according to a copy of the firm's investor correspondence, which ValueWalk has been able to review, the fund quickly bounced back in November, adding 7.3% for the month. Net of fees, the letter reported, Read More

Apparently, Snapchat paid scant respect to Gibson’s warning and “was reluctant to taking the necessary steps to secure user data,” alleges SnapchatDB’s communication to TechCrunch. Snapchat did post a rather nonchalant response here.

Hacked data posted to the web

Piqued, SnapchatDB has now taken the unprecedented step of posting the hacked information to the Internet as a downloadable database, and there are fears that the compromise could affect millions. However, the group claims, “Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.”

It’s beyond comprehension that Snapchat appears to be dragging their feet on fixing this security issue. The hackers were kind enough to censor the information, and the last two digits of the telephones numbers appear blurred. But it may not stop here – the hackers have issued a veiled threat that they just might release the raw data.

Serious implications

According to TechCrunch, it is a common practice for people to use the same user IDs for various apps, and the Snapchat information could be used by nefarious interests to get their hands on contact numbers for people on Facebook or Twitter.

The incident is a blot on Snapchat’s reputation, a high-flying and valuable app that was viewed as the breakout consumer product of 2013. The company rejected buyout bids worth billions and has succeeded in securing multiple rounds of financing from high profile investors.