Skip to main content

Millions of accounts compromised in Snapchat hack

Doug Gross, CNN
STORY HIGHLIGHTS
  • A hacker group says it accessed info for 4.6 million Snapchat users
  • The group, SnapchatDB, urged the app to tighten security
  • They said the last two digits in phone numbers were blurred
  • Snapchat lets users share photos and videos

(CNN) -- Hackers appear to have posted account info for 4.6 million users of quickie social-sharing app Snapchat, making usernames and at least partial phone numbers available for download.

The data were posted to the website SnapchatDB.info. By late Wednesday morning, that site had been suspended.

The hack was seemingly intended to urge Snapchat to tighten its security measures. The anonymous hackers said they used an exploit created by recent changes to the app, which lets users share photos or short videos that disappear after a few seconds.

"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does," the hackers said in a statement to technology blog TechCrunch.

Millions compromised in Snapchat hack
Snapchat's $3 billion blunder?

In the statement, the hackers said they blurred the last two digits of the phone numbers they posted but were still considering whether to post more with the full number visible.

By Wednesday afternoon, developers had used the data to set up a website letting Snapchat users find out whether their accounts had been compromised.

Snapchat did not immediately respond to a message seeking comment.

Last week, Gibson Security -- a group of "white hat" hackers, meaning they don't exploit the security gaps they find -- published what they said was code that would enable such a hack. The SnapchatDB group said Snapchat implemented "very minor obstacles" after that.

"We know nothing about SnapchatDB, but it was a matter of time til something like that happened," Gibson Security wrote Wednesday on its Twitter account. "Also the exploit works still with minor fixes."

In a blog post Friday, Snapchat appeared to minimize the potential damage from such a hack, claiming that it would require a "huge set of phone numbers, like every number in an area code," to match usernames to numbers.

"Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse," the post read. "Happy Snapping!"

ADVERTISEMENT
Part of complete coverage on
November 27, 2014 -- Updated 0059 GMT (0859 HKT)
Ferguson police officer Darren Wilson says he was just doing his "job right" when he shot and killed black teenager Michael Brown.
November 24, 2014 -- Updated 0118 GMT (0918 HKT)
The interior of the Formosa Boulevard Mass Rapid Transit Station in Kaohsiung, in southern Taiwan.
Stunning stations where your first priority won't be finding the nearest exit.
November 25, 2014 -- Updated 2318 GMT (0718 HKT)
Turkish President Recep Tayyip Erdogan says women's "nature is different," sparking fury.
November 24, 2014 -- Updated 1043 GMT (1843 HKT)
A 30-year-old woman has been charged with attempting to kill a baby police say spent five days down a drain before being discovered by cyclists.
November 21, 2014 -- Updated 0121 GMT (0921 HKT)
If it wasn't for a comic's skit, Bill Cosby would still be America's favorite father, says expert.
November 24, 2014 -- Updated 0051 GMT (0851 HKT)
Where do hip young things hang out in Taiwan?
November 21, 2014 -- Updated 1550 GMT (2350 HKT)
Obama orders the most sweeping overhaul of U.S. immigration in decades, prioritizing the deportation of "felons, not families."
November 18, 2014 -- Updated 2106 GMT (0506 HKT)
Fighters loyal to ISIS are now in control of Derna, a city on Libya's Mediterranean coast.
November 21, 2014 -- Updated 2319 GMT (0719 HKT)
China and likely other countries have the capacity to shut down the U.S. power grid, says the NSA.
November 19, 2014 -- Updated 1945 GMT (0345 HKT)
The founder of a U.S. nonprofit that works with returning soldiers is named CNN's Hero of the Year.
November 26, 2014 -- Updated 1557 GMT (2357 HKT)
Each day, CNN brings you an image capturing a moment to remember, defining the present in our changing world.
Browse through images from CNN teams around the world that you don't always see on news reports.
ADVERTISEMENT