Skip to main content

Millions of accounts compromised in Snapchat hack

Doug Gross, CNN
STORY HIGHLIGHTS
  • A hacker group says it accessed info for 4.6 million Snapchat users
  • The group, SnapchatDB, urged the app to tighten security
  • They said the last two digits in phone numbers were blurred
  • Snapchat lets users share photos and videos

(CNN) -- Hackers appear to have posted account info for 4.6 million users of quickie social-sharing app Snapchat, making usernames and at least partial phone numbers available for download.

The data were posted to the website SnapchatDB.info. By late Wednesday morning, that site had been suspended.

The hack was seemingly intended to urge Snapchat to tighten its security measures. The anonymous hackers said they used an exploit created by recent changes to the app, which lets users share photos or short videos that disappear after a few seconds.

"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does," the hackers said in a statement to technology blog TechCrunch.

Millions compromised in Snapchat hack
Snapchat's $3 billion blunder?

In the statement, the hackers said they blurred the last two digits of the phone numbers they posted but were still considering whether to post more with the full number visible.

By Wednesday afternoon, developers had used the data to set up a website letting Snapchat users find out whether their accounts had been compromised.

Snapchat did not immediately respond to a message seeking comment.

Last week, Gibson Security -- a group of "white hat" hackers, meaning they don't exploit the security gaps they find -- published what they said was code that would enable such a hack. The SnapchatDB group said Snapchat implemented "very minor obstacles" after that.

"We know nothing about SnapchatDB, but it was a matter of time til something like that happened," Gibson Security wrote Wednesday on its Twitter account. "Also the exploit works still with minor fixes."

In a blog post Friday, Snapchat appeared to minimize the potential damage from such a hack, claiming that it would require a "huge set of phone numbers, like every number in an area code," to match usernames to numbers.

"Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse," the post read. "Happy Snapping!"

ADVERTISEMENT
Part of complete coverage on
July 10, 2014 -- Updated 0009 GMT (0809 HKT)
Brazil's oldest foe secures its place in the World Cup final for the first time in more than two decades after defeating the Netherlands on penalties.
July 9, 2014 -- Updated 1423 GMT (2223 HKT)
Israel has deployed its Iron Dome defense system to halt incoming rockets. Here's how it works.
A high speed train leaves Beijing south railway station on August 11, 2011.
How Beijing built the world's largest high-speed rail network in less than a decade.
July 10, 2014 -- Updated 1056 GMT (1856 HKT)
CNN's Becky Anderson looks at how practicing underwater is the perfect way to prepare for spacewalks.
July 9, 2014 -- Updated 0917 GMT (1717 HKT)
An emotional Brazil fan reacts after being defeated by Germany 7-1 during the 2014 FIFA World Cup Brazil Semi Final match between Brazil and Germany at Estadio Mineirao on July 8, 2014 in Belo Horizonte, Brazil.
Spectacular Germany outplays Brazil to reach the World Cup final with a 7-1 win over the hosts.
Even those who aren't in the line of fire feel the effects of the chaos that has engulfed Iraq since extremists attacked.
July 9, 2014 -- Updated 0641 GMT (1441 HKT)
CNN's Jim Bittermann takes a look at a family who found the remains of their great- grandfather 100 years later.
July 9, 2014 -- Updated 0008 GMT (0808 HKT)
Israelis and Palestinians have entered another yet violent cycle of reaction and counterreaction. Here are five things to keep in mind.
July 7, 2014 -- Updated 2318 GMT (0718 HKT)
Traveling to the U.S.? You could be delayed if your electronic device has a dead battery.
July 8, 2014 -- Updated 2157 GMT (0557 HKT)
With one hand, Zahra Hassan clutches a purse that matches her red blouse and skirt trimmed in blue. In the other, she holds an AK-47.
CNN joins the fight to end modern-day slavery by shining a spotlight on its horrors and highlighting success stories.
Browse through images from CNN teams around the world that you don't always see on news reports.
ADVERTISEMENT