It is reported by BBC News Technology that the hacker(s) posted a database with the information of reportedly 4.6 million Snapchat users. The database also appeared on a website called SnapchatDB.com long enough for the information to make its way around the Web. It has now been taken offline.
Programmers quickly responded by building Web tools, such as Snapcheck, for users to see if their user names and phone numbers had been exposed. Several reports appeared on social media of people who had found their account information leaked. Users who, like many, have the same user name for several online accounts, might wish to change their user names across accounts, suggests consumer privacy expert Bob Sullivan. Other than that, they have little recourse.
Putting the incident in perspective, Sullivan stated that the breach could have been worse since credit card numbers or social security numbers weren’t exposed. “What’s the worst case scenario?” he added: “Someone you don’t want to have your number has your number. This is far from ideal, but not the worst thing that could happen.” The recent Target credit card number breach had graver consequences.
The fact, however, that Snapchat appears to have ignored a warning about their security vulnerability could irk some users. According to a security and privacy expert from the American Civil Liberties Union, Chris Soghoian, a research firm specializing in computer security published a report warning Snapchat of its data vulnerability. It is alleged that the warning might have gone unheeded. Gibson Security, the computer security research firm that made the report, later published a blog post warning the public. It is believed that Snapchat didn’t respond to this, either.
Digits, the Wall Street Journal tech news page quoted Soghoian as saying: “This leak shows you they aren’t handling this correctly. Granted, they’re much smaller than a Google or Twitter, but they just haven’t invested in security the way that they should.”
In a statement made to TechCrunch, the hacker(s) said: “Our motivation behind the release was to raise awareness around the issue and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources, but security and privacy should not be a secondary goal. Security matters as much as user experience does.”