The massively popular picture sharing service, Snapchat, suffered a database hack right around the turn of the New Year. An estimated 4.6 million user names and phone numbers (with the last two digits blurred out) were posted online for a period of time on a site using the name SnapchatDB. This allowed whoever visited the website to download a file that hackers created from the data found in Snapchat’s personal database.
But how did Snapchat get all of these supposedly confidential phone numbers anyway? The “Find Friends” feature, one of Snapchat’s largest contributors to its growing fan base, might be the culprit. The terms and conditions for “Find Friends” state that the user understands that Snapchat needs to store their number in a database in order to match it with others who also use Snapchat.
Surely the team knew mediocre defenses would not hold back hackers with ample time from finding a way past any firewalls that were set up. The Snapchat team was even warned by Gibson Security days before the attack that they should really consider enhancing their security surrounding the vast amount of data they own.
Was this really an effort to exploit millions of people and ruin a billion-dollar company in the process? Evidence suggests that the hackers’ intentions were less malicious than that. Whoever bypassed Snapchat’s security could have easily chosen not to blur out the last two digits, possibly providing more user information. These people had the opportunity to either ruin lives or make money, but they did not. They simply proved that if Snapchat is going to have access to millions of people’s information, it should have top-of-the-line defenses against future hackers.
Snapchat finally listened after the fiasco, creating a way to turn off the “Find Friends” feature and even issuing an apology to its users: “Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API. We are sorry for any problems this issue may have caused you and we really appreciate your patience and support.”
So the question is: are our snapchats safe? The answer is yes, and they are becoming safer every day as the Snapchat team works on debugging issues.