As reported earlier, on New Year's Day a group called SnapchatDB, in a painfully ironic move, hacked and publicly exposed the usernames and phone numbers of 4.6 million users of the site that prides itself on the secrecy of its transmitted content, primarily photos of user genitals and market-moving inside information (content which supposedly disappears once it is deleted everywhere except on the NSA's hard drives, to be used in the future as the opportunity presents itself). SnapchatDB explained its actions in the following statement:

Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.


We used a modified version of gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to take the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.


We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness.

TechCrunch summarized the situation concisely:

The Gibson Security report and SnapchatDB are both reminders that even in an ephemeral messaging service, it would be a mistake to be lulled into a sense of security about the information that you do have stored with the app. “People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with,” SnapchatDB stated on the site.

Of course, in this day and age when we revealed the NSA's leaked backdoor hacks, why anyone would assume anything they transmit over the internet - even encrypted - is secure is beyond us.

In the meantime, however, for those concerned that their Snapchat account may have been among those hacked, here is a simple way to check whether your username was among the victims. The advice of the creators of the lookup database: "If your data has been leaked, don't freak out! There are a few things you can do if you've been affected. First and foremost, you can delete your Snapchat account here - sadly, this won't remove your phone number from the already circulating leaked database."

Thu, 01/02/2014 - 11:50 | 4293205 Mercury

The internet is forever.

Thu, 01/02/2014 - 11:51 | 4293208 Divided States of America

The more websites you sign up, the more watched you become...don't sign up for any more shit.

Thu, 01/02/2014 - 11:58 | 4293240 pods

My phone's been ringing off the hook since they linked my phone number to that pic of my junk!

Carlos Danger

Thu, 01/02/2014 - 12:33 | 4293342 NoDebt

Go ahead.  Put your user name into that box one more time.  I double dog dare you.  Complete your journey to the dark side of identity theft.

Snapchat couldn't contact those users directly with a proactive message through their own service?  No, you gotta go pump your USID into another box on the internet.  A box I'm sure no hacker is monitoring to fill in the missing pieces of data they didn't steal earlier (like if you are an active user of your account, which keying in on that portal would confirm).

Thu, 01/02/2014 - 13:59 | 4293671 Four chan

I have no idea what Snapchat is.


Thu, 01/02/2014 - 14:11 | 4293740 Son of Loki

Weiner praised the leak citing free publicity.

Thu, 01/02/2014 - 14:25 | 4293780 Stackers

1st rule about Fight Club !

Thu, 01/02/2014 - 15:29 | 4293978 Boris Alatovkrap

Wiener is leak? Sorry, but too much to inform.

Thu, 01/02/2014 - 12:32 | 4293350 WillyGroper
Thu, 01/02/2014 - 13:00 | 4293455 ebworthen

Yeah, and it's all guys calling, damnb'it!

Thu, 01/02/2014 - 14:09 | 4293729 jefferson32

It's wrong to write that encrypted data can be compromised by the NSA. There is indeed no such thing as absolute safety (it tends to zero as the intruder's resources tend to infinity). But the NSA's resources are not infinite - strong, well-implemented crypto is much too expensive to break, even by the NSA.

Thu, 01/02/2014 - 11:50 | 4293207 philosophers bone

And it's gone!! (the next big tech ponzi IPO) 

Thu, 01/02/2014 - 11:54 | 4293219 Colonel Klink

Snapshat, your data out.

Thu, 01/02/2014 - 11:55 | 4293221 slotmouth

LinkedIn is even worse, they are actively hacking you and spamming your friends. http://gigaom.com/2013/09/21/linkedin-is-breaking-into-user-emails-spamming-contacts-lawsuit/


Thu, 01/02/2014 - 12:11 | 4293263 Mercury

Eventually they’ll be able to tell that your phone and another person’s phone spent the hours of 11pm-->8am on xx/xx/xx date, stationary and within 10 feet of each other.

 Whoever sees that data will likely draw certain conclusions as to what that data means…


Thu, 01/02/2014 - 12:34 | 4293349 konputa

Eventually? That's happening now. NSA tracks you and your co-travelers and uses it to identify your associates and link you to illegal activity or other events of interest.



Thu, 01/02/2014 - 14:22 | 4293768 Herd Redirection Committee

I've never used a cellphone, and don't plan on using one in the future either.  Same goes for Google Glass or some embeddable microchip.  No thanks!

Thu, 01/02/2014 - 12:16 | 4293297 adr

I never gave LinkedIn my primary e-mail but a contact of mine has my primary email linked with them in their contact info. So now I get spam from LinkedIn on three different email accounts.

I also don't give a fuck about some guy's new job skill that I met ten years ago and is linked to me through somebody else. I won't endorse my college roommate's new skill that he doesn't possess either.

I'll have to look up that lawsuit and add my name.

Fucking business world. You used to be declined for a job if you didn't have a resume on Monster.com. Now you won't get a job because your skills weren't endorsed on LinkedIn.

Thu, 01/02/2014 - 12:36 | 4293373 Divided States of America

Do you think theres a coincidence that all the social media companies are headed by Jews? Zuckerberg (FB), LinkedIn (Weiner), Yelp (Stoppelman) etc

But the top dog is Page/Brin combo at GOOG or basically you can call it JOOG.

All these companies want to know everything about us. What we do at night, what color our piss is and which porn flick we like the most.

Guess why JOOG is now into armed robotics? Its their quest for world domination by knowing everything they need to know about everyone else and terminating those people that gets in their way.

The internet is their web to infiltrate into the privacy of our everyday lives.

Thu, 01/02/2014 - 12:51 | 4293413 unrulian

Hey FS...sup?

Thu, 01/02/2014 - 13:05 | 4293461 Divided States of America

Wish FS was still around, damn, 2014 won't be the same as 2013 on ZH.

Thu, 01/02/2014 - 15:25 | 4293968 Musashi Miyamoto

Just curious, What percentage of Jews do you think are bad?

Thu, 01/02/2014 - 12:37 | 4293361 Yes We Can. But Lets Not.

I won't sign up for LinkedInWithTheNSA.

Am I missing out on much?

Thu, 01/02/2014 - 11:52 | 4293222 Musashi Miyamoto


DEC 27

"...Occasionally computer security professionals and other helpful people reach out to us about potential bugs and vulnerabilities in Snapchat. We are grateful for the assistance of professionals who practice responsible disclosure and we’ve generally worked well with those who have contacted us...

...Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse...

Happy Snapping!"

This is why I don't use a smart phone

Thu, 01/02/2014 - 12:08 | 4293264 FeralSerf

It is now technologically possible to have someone with a smartphone droned automatically. There is no need for anyone on the joystick anymore, just someone to enter the lucky recipient's phone number.

There is likely new technology being developed (or already developed) that has miniaturized these drones so they can be more personal, i.e. just kill one "terrorist" (or troublesome unit of livestock), rather than the entire wedding party.

It may be unsafe to steal another person's smartphone in the near future if that person is on someone's shitlist.

Thu, 01/02/2014 - 12:29 | 4293329 Musashi Miyamoto


Check it out. I have not used these guys but I'm starting to look at several options.

Thu, 01/02/2014 - 13:56 | 4293674 zerozulu

Pigeons raising business looks promising.

Thu, 01/02/2014 - 14:38 | 4293814 Herd Redirection Committee

Belgium and England...  They still breed pigeons there AFAIK.

Thu, 01/02/2014 - 11:57 | 4293226 BullyBearish

Pretty bad when the only "Mommy" you can run to is the biggest perpetraitor of all...

Thu, 01/02/2014 - 12:00 | 4293227 NuYawkFrankie

Not to be confused with SnatchChat -  the dating-site for garrulous 69ers.


Thu, 01/02/2014 - 11:57 | 4293237 GumbyMe

Data leak? How can you have a "data leak" on a site where idiots post their personal information to share with others?

Thu, 01/02/2014 - 12:07 | 4293256 Dr. No

It's a "leak" since it was not authorized.  Authorization only happens when SnapChat sells the data to various marketing and sales companies to build spam..er.. mailing lists.

Thu, 01/02/2014 - 11:58 | 4293239 GrinandBearit

95% of the sheeple are tech toy addicted narcissists.

It's very simple...


Thu, 01/02/2014 - 12:04 | 4293250 Ketchup on a Hotdog

GS Lookup is a good way to get all the remaining user IDs.  

Thu, 01/02/2014 - 12:05 | 4293252 Dr. Engali

Pfffttt.... Who cares? The government is our friend. The important thing is that we are safe from those scary Muslim terrorists.

Thu, 01/02/2014 - 14:04 | 4293689 zerozulu

My biggest worry is the day when people who believed from their heart that .GOV is saving them from terrorist, find who really are the terrorist.

Thu, 01/02/2014 - 12:03 | 4293255 Kilgore Trout

WTF is a snapchat? Never mind, don't tell me.

Thu, 01/02/2014 - 12:09 | 4293269 adr

Supposedly worth $20 billion + with no revenue to speak of and no hope of profit ever.

Thu, 01/02/2014 - 12:14 | 4293278 The man with pointy horns

Ever heard of ad revenue, potential-revenue-which-will-be-profits-just-around-the-corner and Amazon's undefined P/E?

Thu, 01/02/2014 - 12:25 | 4293318 adr

I can also think of the potential gratification of shoving my dick in my wife's ass. There's only one thing standing in the way, my wife.

I love this new world where having a successful business model is having no business model.

You can buy anything from A to Z on Amazon except for something that starts with P. Profit.

Thu, 01/02/2014 - 14:37 | 4293821 Herd Redirection Committee

I work for a rather small company and I regularly opine to myself, why are other companies with less profits, more highly valued?  How come only Twitter, AMZN, LinkedIn get absurd valuations, on no profits?

Thu, 01/02/2014 - 23:02 | 4295390 StychoKiller

Perhaps you should mention Kegel exercises to yer wife...

Thu, 01/02/2014 - 14:56 | 4293883 redux2redux

With E being ZERO, your P/E is infinite. That's good right?

'To infinity and beyond...'



Thu, 01/02/2014 - 12:13 | 4293285 Dr. No

In a world where US gov debt has a face value of $17T, $20B on SnapChat does not seem so outlandish.

Thu, 01/02/2014 - 12:29 | 4293338 Darksky

Snapchat...I still don't know what Twitter and Facebook are.

Thu, 01/02/2014 - 12:12 | 4293266 The man with pointy horns

Yet more evidence of America's exceptionalism. Only they get their data leaked in such a blatant manner.

Okay, so everyone has had their data leaked and sold. But Americans have the front seats as we witness this descent into this technological totalitarian nightmare.

Thu, 01/02/2014 - 12:18 | 4293307 fudge

dumb fuckers



Thu, 01/02/2014 - 12:21 | 4293309 Rising Sun

nice hack Zuckerberg - you little fucking prick!!!

Thu, 01/02/2014 - 12:28 | 4293326 adr

Zuckerberg's just pissed he can't look at underage male genitals on Facebook.

When does the CEO of Snapchat go to jail for facilitating the distribution of child porn?

Thu, 01/02/2014 - 12:32 | 4293340 Colonel Klink

As soon as the SEC/NSA is done looking at it.

