Winner 2013 Webby Awards for Best Political Website
Apr 18, 2014

Ear to the Ground

Alleged Snapchat Hackers Say They Had Good Reason to Leak User Data


Posted on Jan 1, 2014
Ryan Nagelmann (CC-BY)

When you hear that 4.6 million usernames and partial phone numbers have been published online, it’s easy to blame the publisher, but what about the company that may have left all that private data hanging so low on the tree?

Snapchat is one of the hottest names in tech right now. The company, which could be worth $3 billion, makes an app that lets users send ephemeral picture and video messages to one another. It has reportedly rebuffed buyout offers from Facebook and Google, citing its explosive growth rate.

But all is not well in the sexting kingdom. On Christmas Eve, a company called Gibson Security warned that Snapchat was vulnerable to a specific exploit, a way for another party to gain access to its data. A few days later, someone posted millions of usernames and phone numbers (with a couple of digits redacted) online.

A person or group claiming responsibility for that hack has since communicated with The Verge:

The individual or team claiming responsibility for SnapchatDB has responded to The Verge’s requests for comment the morning after the database went online, containing a leaked collection of some 4.6 million apparent Snapchat usernames and partial phone numbers. “Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed,” they say. “Security matters as much as user experience does.”

Giving organizations a specific timeframe in which to fix a security flaw in their product before releasing details to the public is a common tactic among white-hat hackers, designed to put pressure on developers to fix the flaws as quickly as possible. In Snapchat’s case, the leak comes just days after a blog post in which Snapchat alluded to a flaw posted on Christmas Eve by Gibson Security that alleged it could match thousands of phone numbers to usernames every few minutes. “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way,” Snapchat wrote.

Indeed, that appears to be what the team behind SnapchatDB did: “We used a modified version of [Gibson Security’s] exploit/method,” they tell The Verge. “Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to taking the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale.”

Much of Snapchat’s allure is that messages can be viewed for only a few seconds and users living in the age of Big Brother and Big Data can feel comfortable sharing private, intimate and perhaps embarrassing communications. If it’s true that Snapchat doesn’t take security seriously enough, as alleged, then it could take the shine off that intimation of secrecy.

—Posted by Peter Z. Scheer


A Progressive Journal of News and Opinion   Publisher, Zuade Kaufman   Editor, Robert Scheer
© 2014 Truthdig, LLC. All rights reserved.