A Snapchat hack affected about 4.6 million accounts, whose usernames and phone numbers were saved to a site called SnapchatDB.info. In a statement to TechCrunch, SnapchatDB explained that it obtained the information through a recently identified and patched exploit.
The site is making the data available to the public to convince Snapchat to beef up its security. In order to “minimize spam and abuse” the hack could create, SnapchatDB “censored the last two digits of the phone numbers.” However, it could still release the unfiltered data, including millions of phone numbers.
SnapchatDB was initially considered a hoax, but it was later confirmed to be true after several people reported seeing their usernames and phone numbers on the downloadable list. The hack affected at least one member of TechCrunch’s editorial team, readers, and possibly even Snapchat founder Evan Spiegel.
Before the site was suspended, users saw the following message before they could download the data:
“You are downloading 4.6 million users’ phone number information, along with their usernames. People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”
While users can’t download the list anymore, two developers created an app that can tell if your information was leaked based on your Snapchat username. The website’s creators explained that users shouldn’t “freak out” if their data has been leaked. Instead, they urge affected users to delete their Snapchat accounts and ask their carrier for a new phone number, though that could cost money.
The Snapchat hack came shortly after white-hat Gibson Security researchers attempted to alert the messaging service to ways that hackers could connect usernames to phone numbers for use in stalking. Gibson Security then published the exploit publicly on Christmas Eve.