It was revealed several days ago by security researchers that there were vulnerabilities present within Snapchat that would allow a group to attain user phone numbers. It turns out that this has actually happened and the result of that hack is a public list of 4.6 million phone numbers and user names.
Tech publications are reporting that the list has been put up online by a group of hackers who have remained anonymous so far. The database of usernames and phone numbers are from people that have used Snapchat in North America, where the service has the majority of its users.
Although the usernames are now public, the hackers are currently keeping the last two digits of the phone numbers secret. According to the hackers, they have released the information in order to raise awareness about Snapchat’s security flaws and they will put out the full phone numbers if necessary.
Even though people cannot currently download the database and receive full phone numbers, people frequently use the same username across numerous services, meaning that someone with enough time on their hands could potentially find the last two digits of the phone numbers from another location.
By examining the phone numbers that have been listed, it seems as though most of them are from the same area codes, meaning that the hack did not affect every Snapchat user in North America.
An earlier blog post released by Snapchat acknowledged concerns regarding its “Find Friends” feature which uploads a user’s contact list to Snapchat in order to find other users who may be worth connecting with.
This practice has been criticized by many security experts as it makes it easier for a hacker to attain phone numbers if they gain access to an application’s servers and database. While it may have acknowledged the concern, Snapchat did not appear to be worried about anyone hacking into their database and acquiring the phone numbers. However, Snapchat was wrong, and hackers did break into the app only a short time after the blog post was published.
Within the same blog post, Snapchat assured users that it had implemented appropriate security measures as an extra layer of protection against the same sort of hack that ended up happening.