Snapchat Hacked and Data Exposed
Just last Tuesday, a website called SnapchatDB.info made Snapchats users’ information available for download on their page. The website was taken down the next day most likely for breaking JDRHosting’s web services rules. The website owners claimed they were making “an attempt to expose the vulnerability of users’ data.” This same statement was made by those who were responsible for creating other hacking software such as Droidsheep, a Firefox plugin which hijacks session variables of users logged on to facebook or other website applications which utilize session variables.
On December 27th, Snapchat posted on their blog website that one of the security flaws was exposed by some of their white-hat hackers, stating their API was reachable and claimed that a possible attack could be made such that customer’s information could be leaked:
Occasionally computer security professionals and other helpful people reach out to us about potential bugs and vulnerabilities in Snapchat. We are grateful for the assistance of professionals who practice responsible disclosure and we’ve generally worked well with those who have contacted us.
This week, on Christmas Eve, a security group posted documentation for our private API. This documentation included an allegation regarding a possible attack by which one could compile a database of Snapchat usernames and phone numbers.
– Snapchat.com Blog
It seems as though this attack was of no surprise to them.