On New Year's Eve, a group of tech-savvy security researchers (not hackers) created a website called SnapchatDB.info, where they host a database of 4.6 million user names and phone numbers belonging to Snapchat users in various parts of the United States and make it freely available for download.
For now, the group has left off the last two digits of the phone numbers they’ve collected, but that could change. Since the information was gathered without actually hacking anything, it’s unclear if anything illegal has actually taken place here. The group writes:
This database contains username and phone number pairs of a vast majority of the Snapchat users. This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.
For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.
Since SnapchatDB.info has gone live and garnered quite a bit of media attention, multiple online tools have surfaced to check your user name against the full list and let you know if your account has been affected. The one I’d recommend is the GS Lookup tool, which you can find here: http://lookup.gibsonsec.org/lookup.
Was your account compromised? Either way, we’re curious what you think about how Internet companies obtain and manage your private data. This obviously isn’t the first time a leak like this has happened, and it surely won’t be the last. Let us know in the comments.
You should follow Mike on Twitter for more great tech insights and good conversation. Be sure to say hello! You can also keep up with Mike on his personal blog: MikeBeauchamp.me, on Facebook, or on Google+.