A security exploit in the Snapchat messaging service that was found but not fixed several months ago was apparently used. Over 4.6 million usernames and phone numbers from the service have been published on a website.
The site, called SnapchatDB.info, first went live on Tuesday but has since been taken down. TechCrunch reports that before the site was closed, its unknown authors explained the reasoning for their actions, stating they simply wanted to "put public pressure on Snapchat to get this exploit fixed." While the Snapchat user names were exposed, the last two digits of the phone numbers were blurred on the site.
Last week, the Gibson Security firm stated that known exploits with SnapChat's API could allow anyone to extract user names and phone numbers from the service. Snapchat later tried to downplay the security firm's findings on their official blog, claiming that in theory, anyone could upload a list of all the phone numbers in the U.S. and then make "a database of the results and match usernames to phone numbers that way." The company claims that it has taken steps to make this harder to accomplish but did not go into details. So far, Snapchat has yet to comment on this new leak of user information.
Source: TechCrunch | Image via TechCrunch