Earlier this week, we and several other tech blogs reported that Snapchat had been given a Christmas gift from security firm Gibson Security. The gift came in the form of a report outlining weaknesses in Snapchat’s infrastructure that ate at the core of the app: its anonymity.
Snapchat allows users to send “self destructing” messages to each other. It has an enormous teen user base because of its privacy and anonymity features.
The tell-all report said that “Snapchat names, aliases and phone numbers can be discovered and harvested via the Snapchat Android and iOS API even if the user’s account is private.” Gibson reportedly tried numerous times to get in contact with Snapchat dating back to August, but to no avail. After being ignored over and over, Gibson decided it was best to let the public know about the flaw because Snapchat has grown so quickly. Probably the kicker in the original report was Gibson’s finding that changing just 10 lines of code would eliminate the vulnerabilities it had discovered.
At the end of the report, Gibson added instructions on how to perform two exploits on Snapchat. One was called “Find Friends” and the other “Bulk Registration”.
Now, the national media has reported that Snapchat has been hacked by a group of anonymous hackers. According to Forbes and CBS News, the hackers made off with 4.6 million usernames and phone numbers of Snapchat users. It’s believed that the breached data may have also left digital clues leading to Facebook and Twitter accounts.
Gibson Security has responded to the data breach by setting up a website for Snapchat users that will tell them whether or not their data was compromised. If an account is compromised, the phone number associated with the username will appear with the last two digits omitted.
At the time this story was written, Snapchat hadn’t responded to any media requests for comment.