UPDATE: Snapchat has released a statement acknowledging the attack, noting that they are “improving rate limiting and other restrictions to address future attempts to abuse our service.” As numerous angry Tumblr users point out, there is no actual apology in the statement.
According to The Verge, yesterday an anonymous hacker group published over 4.6 million North American Snapchat usernames and phone numbers. The data is accessible as either an ‘SQL dump’ or CSV text at SnapchatDB, and although the final two digits of phone numbers are blocked to “minize spam and abuse,” SnapchatDB encourages people to reach out to firstname.lastname@example.org to access the uncensored database.
Reddit user antimatter15 claims to have scoured the database and found that only 76 of 322 U.S. area codes are affected. Users in the following states are NOT present in the database:
- New Hampshire
- New Mexico
- North Carolina
- North Dakota
- Rhode Island
- West Virginia
Cambridge, Massachusetts-based web developer Vik Parucheri has also created a website, Snapcheck, which allows users to quickly check if their phone number or username are among the released data.
SnapchatDB claims on its website that the numbers were obtained through the “recently patched Snapchat exploit,” referring to Gibson Security’s publishing of Snapchat’s API and exploit codes last week.
In the worst possible hands, the data could be used for spamming, exploitation or more personalized hacking.