An Interest In:
Web News this Week
- April 26, 2024
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
January 1, 2014 11:06 am GMT
Original Link: http://feedproxy.google.com/~r/Techcrunch/~3/99cub5pdBbc/
Confirmed: Snapchat Hack Not A Hoax, 4.6M Usernames And Numbers Published
A site called SnapchatDB.info hassaved usernames and phone numbers for 4.6 million accounts and made the information available for download. SnapchatDB says that it got the information through a recently identified and patched Snapchat exploit and that it is making the data available in an effort to convince the messaging app to beef up its security. We’ve reached out to Snapchat and SnapchatDB for comment. Earlier we speculated that SnapchatDB might be a hoax meant to call attention to the app’s security issues but, as it turns out, it’s real–at least one member of our editorial team has been affected. A reader also told us he found his own number, that of several friends and Snapchat founder Evan Spiegel in the list. OnHacker News, several people have had trouble downloading the data files (I just got an error message for both of them, but that may be because of high traffic), but aJailbreak subreddituserwho saw the list said that only numbers in some parts of the U.S. have been published so far. SnapchatDB said it “censored the last two digits of the phone numbers” in order to “minimize spam and abuse,” but it might still release the unfiltered data, including millions of phone numbers. The Next Web did a WHOIS lookup on SnapchatDB’s domain and found it was created just yesterday on December 31. The registrant’s name is protected, but its mailing address and contact number are both listed in Panama. The site appears to have been created in response to recently identified flaws in Snapchat’s security. Last week, ZDNet published an article on how white-hat Gibson Security researchers had tried to alert Snapchat to ways that hackers would connect usernames to phone numbers for user in stalking, but were ignored. Gibson Security then published the exploit publicly on Christmas Eve. The firm said that hackers could use two exploits to gain access to users’ personal data, including their real names, usernames and phone numbers, through Snapchat’s Android and iOS API. Snapchat did offer a public statement, but as TechCrunch’s Josh Constine wrote, it wasn’t very satisfactory because it did not offer details on how its countermeasures would work, such as rate limiting, bad IP blocking, or automated systems that scan suspicious activity. Snapchat said: “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number inOriginal Link: http://feedproxy.google.com/~r/Techcrunch/~3/99cub5pdBbc/
Share this article:
Tweet
View Full Article
Techcrunch
TechCrunch is a leading technology blog, dedicated to obsessively profiling startups, reviewing new Internet products, and breaking tech news.More About this Source Visit Techcrunch