Was Your Snapchat Data Leaked?

Tyler Durden's picture

As reported earlier, on New Year's Day a group called SnapchatDB, in a painfully ironic move, hacked and publicly exposed the usernames and phone numbers of 4.6 million users of the site that prides itself on the secrecy of its transmitted content (which supposedly disappears once it is deleted everywhere except on the NSA's hard drives, to be used in the future as the opportunity presents itself), primarily involving photos of user genitals and market-moving inside information. Explaining its actions, SnapchatDB's statement was as follows:

Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.

 

We used a modified version of gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to take the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.

 

We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness.

TechCrunch summarized the situation concisely:

The Gibson Security report and SnapchatDB are both reminders that even in an ephemeral messaging service, it would be a mistake to be lulled into a sense of security about the information that you do have stored with the app. “People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with,” SnapchatDB stated on the site.

Of course, in this day and age when we revealed the NSA's leaked backdoor hacks, why anyone would assume anything they transmit over the internet - even encrypted - is secure is beyond us.

In the meantime, however, for those concerned about whether their Snapchat account was among those hacked, here is a simple way to check whether your username was among the victims. The advice of the creators of the lookup database: "If your data has been leaked, don't freak out! There are a few things you can do if you've been affected. First and foremost, you can delete your Snapchat account here - sadly, this won't remove your phone number from the already circulating leaked database."

Mercury's picture

The internet is forever.

Divided States of America's picture

The more websites you sign up, the more watched you become...don't sign up for any more shit.

pods's picture

My phone's been ringing off the hook since they linked my phone number to that pic of my junk!

Carlos Danger

NoDebt's picture

Go ahead.  Put your user name into that box one more time.  I double dog dare you.  Complete your journey to the dark side of identity theft.

Snapchat couldn't contact those users directly with a proactive message through their own service?  No, you gotta go pump your USID into another box on the internet.  A box I'm sure no hacker is monitoring to fill in the missing pieces of data they didn't steal earlier (like if you are an active user of your account, which keying in on that portal would confirm).

Four chan's picture

i have no idea what snapchat is.

 

Son of Loki's picture

Weiner praised the leak citing free publicity.

Stackers's picture

1st rule about Fight Club !

Boris Alatovkrap's picture

Wiener is leak? Sorry, but too much to inform.

ebworthen's picture

Yeah, and it's all guys calling, damnb'it!

jefferson32's picture

It's wrong to write that encrypted data can be compromised by the NSA. There is indeed no such thing as absolute safety (it tends to zero as the intruder's resources tend to infinity). But the NSA's resources are not infinite - strong, well-implemented crypto is much too expensive to break, even by the NSA.

philosophers bone's picture

And it's gone!! (the next big tech ponzi IPO) 

Colonel Klink's picture

Snapshat, your data out.

slotmouth's picture

LinkedIn is even worse, they are actively hacking you and spamming your friends. http://gigaom.com/2013/09/21/linkedin-is-breaking-into-user-emails-spamming-contacts-lawsuit/

 

Mercury's picture

Eventually they’ll be able to tell that your phone and another person’s phone spent the hours of 11pm-->8am on xx/xx/xx date, stationary and within 10 feet of each other.

 Whoever sees that data will likely draw certain conclusions as to what that data means…

 

konputa's picture

Eventually? That's happening now. NSA tracks you and your co-travelers and uses it to identify your associates and link you to illegal activity or other events of interest.

 

http://apps.washingtonpost.com/g/page/national/how-the-nsa-is-tracking-p...

Herd Redirection Committee's picture

I've never used a cellphone, and don't plan on using one in the future either.  Same goes for Google Glass or some embeddable microchip.  No thanks!

adr's picture

I never gave LinkedIn my primary e-mail but a contact of mine has my primary email linked with them in their contact info. So now I get spam from LinkedIn on three different email accounts.

I also don't give a fuck about some guy's new job skill that I met ten years ago and is linked to me through somebody else. I won't endorse my college roommate's new skill that he doesn't possess either.

I'll have to look up that lawsuit and add my name.

Fucking business world. You used to be declined for a job if you didn't have a resume on Monster.com. Now you won't get a job because your skills weren't endorsed on LinkedIn.

Divided States of America's picture

Do you think theres a coincidence that all the social media companies are headed by Jews? Zuckerberg (FB), LinkedIn (Weiner), Yelp (Stoppelman) etc

But the top dog is Page/Brin combo at GOOG or basically you can call it JOOG.

All these companies want to know everything about us. What we do at night, what color our piss is and which porn flick we like the most.

Guess why JOOG is now into armed robotics? Its their quest for world domination by knowing everything they need to know about everyone else and terminating those people that gets in their way.

The internet is their web to infiltrate into the privacy of our everyday lives.

Divided States of America's picture

Wish FS was still around, damn, 2014 won't be the same as 2013 on ZH.

Musashi Miyamoto's picture

Just curious, What percentage of Jews do you think are bad?

Yes We Can. But Lets Not.'s picture

I won't sign up for LinkedInWithTheNSA.

Am I missing out on much?

Musashi Miyamoto's picture

http://blog.snapchat.com/

DEC 27

"...Occasionally computer security professionals and other helpful people reach out to us about potential bugs and vulnerabilities in Snapchat. We are grateful for the assistance of professionals who practice responsible disclosure and we’ve generally worked well with those who have contacted us...

...Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse...

Happy Snapping!"

This is why I don't use a smart phone

FeralSerf's picture

It is now technologically possible to have someone with a smartphone droned automatically. There is no need for anyone on the joystick anymore, just someone to enter the lucky recipient's phone number.

There is likely new technology being developed (or already developed) that has miniaturized these drones so they can be more personal, i.e. just kill one "terrorist" (or troublesome unit of livestock), rather than the entire wedding party.

It may be unsafe to steal another person's smartphone in the near future if that person is on someone's shitlist.

Musashi Miyamoto's picture

http://www.anti-interception.com/samsung-g600-2014-top-level.html

Check it out. I have not used these guys but I'm starting to look at several options.

zerozulu's picture

Pigeons raising business looks promising.

Herd Redirection Committee's picture

Belgium and England...  They still breed pigeons there AFAIK.

BullyBearish's picture

Pretty bad when the only "Mommy" you can run to is the biggest perpetraitor of all...

NuYawkFrankie's picture

Not to be confused with SnatchChat -  the dating-site for garrulous 69ers.

 

GumbyMe's picture

Data leak? How can you have a "data leak" on a site where idiots post their personal information to share with others?

Dr. No's picture

It's a "leak" since it was not authorized.  Authorization only happens when SnapChat sells the data to various marketing and sales companies to build spam..er.. mailing lists.

GrinandBearit's picture

95% of the sheeple are tech toy addicted narcissists.

It's very simple...

STAY AWAY FROM ALL SOCIAL MEDIA WEBSITES.

Ketchup on a Hotdog's picture

GS Lookup is a good way to get all the remaining user IDs.  

Dr. Engali's picture

Pfffttt.... Who cares? The government is our friend. The important thing is that we are safe from those scary Muslim terrorists.

zerozulu's picture

My biggest worry is the day when people who believed from their heart that .GOV is saving them from terrorist, find who really are the terrorist.

Kilgore Trout's picture

WTF is a snapchat? Never mind, don't tell me.

adr's picture

Supposedly worth $20 billion + with no revenue to speak of and no hope of profit ever.

The man with pointy horns's picture

Ever heard of ad revenue, potential-revenue-which-will-be-profits-just-around-the-corner and Amazon's undefined P/E?

adr's picture

I can also think of the potential gratification of shoving my dick in my wife's ass. There's only one thing standing in the way, my wife.

I love this new world where having a successful business model is having no business model.

You can buy anything from A to Z on Amazon except for something that starts with P. Profit.

Herd Redirection Committee's picture

I work for a rather small company and I regularly opine to myself, why are other companies with less profits, more highly valued?  How come only Twitter, AMZN, LinkedIn get absurd valuations, on no profits?

StychoKiller's picture

Perhaps you should mention Kegel exercises to yer wife...

redux2redux's picture

With E being ZERO, your P/E is infinite. That's good right?

'To infinity and beyond...'

 

/SARCASM

Dr. No's picture

In a world where US gov debt has a face value of $17T, $20B on SnapChat does not seem so outlandish.

Darksky's picture

Snapchat...I still don't know what twitter and facebook are.

The man with pointy horns's picture

Yet more evidence of America's exceptionalism. Only they get their data leaked in such a blatant manner.

Okay, so everyone has had their data leaked and sold. But Americans have the front seats as we witness this descent into this technological totalitarian nightmare.

fudge's picture

dumb fuckers

*/LAFFIN

 

Rising Sun's picture

nice hack Zuckerberg - you little fucking prick!!!

adr's picture

Zuckerberg's just pissed he can't look at underage male genitals on Facebook.

When does the CEO of Snapchat go to jail for facilitating the distribution of child porn?

Colonel Klink's picture

As soon as the SEC/NSA is done looking at it.