A site called SnapchatDB.info has saved usernames and phone numbers for 4.6 million accounts and made the information available for download. In a statement to us, SnapchatDB says that it got the information through a recently identified and patched Snapchat exploit and that it is making the data available in an effort to convince the messaging app to beef up its security. We’ve also reached out to Snapchat.
Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.
We used a modified version of gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that…