Snapchat, the temporary photo-sharing app that Reuters called one of 2013's "top smartphone apps," has been hacked, with 4.6 million usernames and associated phone numbers compiled into a database that has since been taken offline.
The hack was done through an API exploit that Snapchat was actually warned about months ago, when Gibson Security said there was a way to use Snapchat's friend finder to get a large number of phone numbers and usernames relatively quickly. Snapchat didn't respond to that, so, on Christmas Eve, Gibson Security posted full instructions.
Snapchat did respond to that, with a blog entry that dismissed Gibson Security's concerns, saying it had "implemented various safeguards" to make the exploit "more difficult to do."
"Happy Snapping!" the entry concluded.
This morning, a database of 4.6 million usernames and phone numbers (with the last two digits blurred, though the website warned it might still release the uncensored versions) was posted, purportedly to demonstrate that Snapchat's safeguards weren't doing enough.
From the Washington Post:
'Even now the exploit persists,' SnapchatDB said in a statement. 'It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.'
If the accusations about Snapchat's response time prove true, it implies a pretty cavalier attitude on its part toward security -- not to mention the privacy its vanishing photos are meant to provide in the first place.
The hack is yet another flaw in Snapchat's increasingly Swiss cheese-like security. Gibson Security found several other examples of potential API exploits, none of which, it said, had been fixed months later. Other hackers have found ways to save or access videos and photos sent on the service, even though they are supposed to disappear after a few seconds.
That's a big problem when the vanishing aspect is Snapchat's big selling point and it's being used to share naked photos or whatever those crazy teens are using social media for these days.
True to form, Snapchat has been slow to respond to media requests for comment.
This article is from the archive of our partner The Wire.