Play Live Radio
Next Up:
0:00
0:00
Available On Air Stations
Watch Live

Alleged Hackers Explain Reasons For Posting Snapchat Data

The logo and a page of mobile app "Snapchat" are displayed on tablets. Hackers broke into Snapchat, the popular mobile app, accessing the phone numbers and usernames of 4.6 million users and publishing them online.
Lionel Bonaventure
The logo and a page of mobile app "Snapchat" are displayed on tablets. Hackers broke into Snapchat, the popular mobile app, accessing the phone numbers and usernames of 4.6 million users and publishing them online.

Some 4.6 million Snapchat usernames and matching phone numbers were published online late Tuesday, a week after the hacking research group Gibson Security posted instructions for how to access Snapchat users' information.

Snapchat had previously acknowledged the vulnerability, which Gibson Security says it pointed out in August. The security group says it did not retrieve the data that were posted this week.

Others have claimed responsibility for the leak. And they told The Verge what they were thinking:

Advertisement
" 'Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed,' they say. 'Security matters as much as user experience does.' "

The hacking "exploit" that exposed users' data relies on a feature in Snapchat that lets people find their friends by comparing their phone's contacts list against phone numbers that are already registered with the service.

On Dec. 27, the company said that in theory, "a huge set of phone numbers, like every number in an area code, or every possible number in the U.S." could be submitted, which could then yield a large list of matching usernames.

Those remarks come from a blog post in which Snapchat -- which has reportedly rejected multibillion-dollar purchase offers from Google and Facebook -- said it had taken several steps to improve security. The company has not posted an update on the issue.

"The linking of phone numbers to usernames in accounts from major cities within the United States and Canada is a private information disaster that could have been avoided if the company had acted when repeatedly warned," ZDNet reports. "Gibson Security told ZDNet that fixing the threat would have only cost Snapchat ten lines of code."

If you're a Snapchat user who wants to see if your account was affected, you might want to consult a page posted by Gibson Security today that lets you compare a username against the exposed database.

Advertisement

The page also includes instructions about next steps. They include deleting a Snapchat account and getting a new phone number.

Copyright 2014 NPR. To see more, visit www.npr.org.