The chat application Snapchat was recently exploited by hackers, who leaked the usernames and cell numbers of nearly 4.6 million Snapchat users. They downloaded the sensitive data and released it online for a limited time.
A website called SnapchatDB published the leaked data, censoring only the last two digits of each cell number. The site was later taken offline, but a cached copy is still circulating. The leak came a few days after an Australian company disclosed vulnerabilities in the chat app that could be exploited by hackers.
Gibson Security said it was not involved in the leak: “We know nothing about SnapchatDB, but it was a matter of time till something like that happened,” the company said.
Those behind the leak said they had exploited the flaws in Snapchat that Gibson Security had disclosed earlier.
“We used a modified version of gibsonsec’s exploit/method,” they said, according to the blog TechCrunch.
Gibson said it had been able to test ten thousand cell numbers of the app’s users “in approximately 7 minutes on a gigabit line on a virtual server”.
In response to the report, Snapchat acknowledged a potential security vulnerability but said it had already begun taking steps to secure its user database.
“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way,” it said in a blog post a week earlier.
“Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
But according to those behind the leak, these measures were not sufficient to protect user data.
“Even now the exploit persists. It is still possible to scrape this data on a large scale,” they warn.
“Their latest changes are still not too hard to circumvent.”
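One kind of safeguard against the bulk phone-number matching described above, as an added example that is not Snapchat's or Gibson Security's code: a sliding-window cap on how many distinct numbers one account may look up. The class name, the 500-per-hour policy and the sample numbers are assumptions made for illustration.

```python
from collections import defaultdict, deque


class LookupLimiter:
    """Sliding-window cap on distinct phone numbers one account may look up."""

    def __init__(self, max_numbers=500, window_s=3600):
        # Assumed policy values, chosen for illustration only.
        self.max_numbers = max_numbers
        self.window_s = window_s
        self._queue = defaultdict(deque)  # account -> (timestamp, number), oldest first
        self._recent = defaultdict(set)   # account -> numbers inside the window

    def allow(self, account, number, now):
        """Return True if this lookup may be answered at time `now` (seconds)."""
        queue, recent = self._queue[account], self._recent[account]
        # Expire lookups that have aged out of the window.
        while queue and now - queue[0][0] >= self.window_s:
            recent.discard(queue.popleft()[1])
        if number in recent:
            return True               # re-checking a known contact is free
        if len(recent) >= self.max_numbers:
            return False              # budget for new numbers is spent
        queue.append((now, number))
        recent.add(number)
        return True


def simulate_bulk(limiter, account, count, duration_s, start=0.0):
    """Send `count` constructed numbers evenly over `duration_s`; return how many are answered."""
    answered = 0
    for i in range(count):
        number = f"+1555{i:07d}"      # constructed sample values, not real numbers
        if limiter.allow(account, number, start + i * duration_s / count):
            answered += 1
    return answered


if __name__ == "__main__":
    limiter = LookupLimiter()
    # Volume quoted in the article: ten thousand numbers in about 7 minutes.
    print("bulk run answered:", simulate_bulk(limiter, "bulk-account", 10_000, 420))
    # Constructed comparison: one address-book sync of 200 contacts.
    print("address book answered:", simulate_bulk(limiter, "normal-account", 200, 5))
```

A per-account cap bounds only what a single account can learn, so it is normally paired with limits on account creation and on lookup volume per source address.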