Snapchat was warned in August about the possibility of the security leak
The phone numbers of 4.6 million Snapchat users have been compromised and uploaded to a now-defunct hacker website.
The partially blurred user names and phone numbers went online Wednesday, just days after Snapchat addressed the potential leak in a blog post. It was responding to concerns abut the photo-sharing app's Find Friends feature.
“We don't display the phone numbers to other users and we don't support the ability to look up phone numbers based on someone's username,” the company wrote Friday. “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way.”
Soon after, hackers posted a sampling of the data.
“This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue,” said the site that posted the information. “The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.”
“For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse,” the site added. “Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.”
Gibson Security, an Australian-based tech research firm, first flagged the security issue for Snapchat in August, and took to Twitter on New Year's Eve to explain: “We know nothing about SnapchatDB, but it was a matter of time til something like that happened. Also the exploit works still with minor fixes.”
As a public service, Gibson is offering concerned Snapchat users a way to find out if their phone number was obtained.
Snapchat has not yet responded to TheWrap's request for comment.