Hackers have obtained usernames and phone numbers for 4.6 million Snapchat accounts and published the data online.

It was the hacker group Gibson Security that discovered a security hole in Snapchat in December. They contacted Snapchat on Christmas Eve and told them about the problem. A week later, on New Year's Eve, usernames and phone numbers for 4.6 million Snapchat accounts were published on the website SnapchatDB.info. Gibson Security denies any involvement with that site, and writes on Twitter:

"We know nothing about SnapchatDB, but it was a matter of time til something like that happened. Also the exploit works still with minor fixes."

The website SnapchatDB.info did, however, have the courtesy to censor the last two digits of each phone number. In a comment, the creator of SnapchatDB.info writes:

"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.

We used a modified version of gibsonsec’s exploit/method. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to taking the necessary steps to secure user data. Once we started scraping on a large scale, they decided to implement very minor obstacles, which were still far from enough. Even now the exploit persists. It is still possible to scrape this data on a large scale. Their latest changes are still not too hard to circumvent.

We wanted to minimize spam and abuse that may arise from this release. Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn’t want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness."

All accounts posted on SnapchatDB.info are registered in North America. Gibson Security has recently created a page where you can check whether your account has been leaked online. Meanwhile, SnapchatDB.info is currently down.

http://www.buzzfeed.com/katienotopoulos/your-snapchat-info-just-got-sort-of-leaked
http://gibsonsec.org/snapchat/fulldisclosure/
http://techcrunch.com/2013/12/31/hackers-claim-to-publish-list-of-4-6m-snapchat-usernames-and-numbers/
http://www.zdnet.com/researchers-publish-snapchat-code-allowing-phone-number-matching-after-exploit-disclosures-ignored-7000024629/
http://lookup.gibsonsec.org
https://twitter.com/gibsonsec