4.6 million Snapchat usernames and phone numbers leaked online

Utilizing a slightly modified version of an exploit pointed out by Gibson Security last week, a group managing a site called SnapchatDB.info published a list of 4.6 million usernames and phone numbers easily pulled from Snapchat. While the site has been suspended by the host due to overwhelming traffic, a cached version of the site can still be found here. It’s likely that the list is being distributed through other online sources as well.

Describing the file to visitors, the group states “You are downloading 4.6 million users’ phone number information, along with their usernames. People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”

Explaining the reasoning behind the release, the group continues “This database contains username and phone number pairs of a vast majority of the Snapchat users. This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.”

However, the group has censored the last two digits of the phone numbers in order to reduce abuse. That being said, anyone familiar with their friends’ usernames would be able to match up their friend with a Snapchat account. If you want to find out if your Snapchat username is included in the file, visit this username look-up page on Gibson Security here.

In addition, a Reddit user named antimatter15 combed through the database in order to eliminate U.S. states that weren’t included in the leaked information. Those states include Alaska, Delaware, Hawaii, Kansas, Maryland, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Mexico, North Carolina, North Dakota, Oklahoma, Oregon, Rhode Island, Utah, Vermont, West Virginia, and Wyoming.

Commenting about the recently leaked personal information, Gibson Security tweeted “We know nothing about SnapchatDB, but it was a matter of time til something like that happened. Also the exploit works still with minor fixes.”

Snapchat had previously responded to the Gibson Security report in a blog post last week. In that post, a Snapchat representative stated “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
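The bulk upload Snapchat describes leaves a recognizable trace on the server side: a real address book is scattered across many area codes and exchanges, while a sweep fills one block of consecutive numbers. The following is an added example, not code from Snapchat or Gibson Security, showing how a contact-lookup service could flag that pattern; the log format, account names, and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed thresholds for illustration; tune against real address-book sizes.
MAX_LOOKUPS = 1000    # distinct numbers one account may submit per window
MAX_PER_BLOCK = 50    # distinct numbers sharing one 6-digit prefix (area code + exchange)

def parse_line(line):
    """Parse a hypothetical log line: '<timestamp> account=<id> lookup=<10-digit number>'."""
    fields = dict(f.split("=", 1) for f in line.split()[1:])
    return fields["account"], fields["lookup"]

def flag_enumeration(lines, max_lookups=MAX_LOOKUPS, max_per_block=MAX_PER_BLOCK):
    """Return {account: reason} for accounts whose lookups look like range sweeps."""
    per_account = defaultdict(set)
    for line in lines:
        account, number = parse_line(line)
        per_account[account].add(number)

    flagged = {}
    for account, numbers in per_account.items():
        # Count how many distinct numbers fall in each 6-digit prefix block.
        blocks = defaultdict(int)
        for n in numbers:
            blocks[n[:6]] += 1
        densest_prefix, densest = max(blocks.items(), key=lambda kv: kv[1])
        if densest > max_per_block:
            flagged[account] = f"dense block {densest_prefix}xxxx ({densest} numbers)"
        elif len(numbers) > max_lookups:
            flagged[account] = f"volume ({len(numbers)} numbers)"
    return flagged

def sample_log():
    """Constructed sample: one ordinary address book, one sweep of a single exchange."""
    lines = []
    normal = ["2125550143", "3105550178", "4155550121", "6175550199", "2125550110"]
    for n in normal:
        lines.append(f"2014-01-01T10:00:00Z account=alice lookup={n}")
    for i in range(300):
        lines.append(f"2014-01-01T10:00:01Z account=sweeper lookup=555555{i:04d}")
    return lines

if __name__ == "__main__":
    print(flag_enumeration(sample_log()))
```

The block-density check catches a sweep well before the overall volume limit does, which matters when an operator spreads lookups across many accounts to stay under a per-account cap.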

Snapchat has not yet released a statement regarding the leak. While Snapchat hasn’t released information about the size of the overall userbase, Nielsen has estimated it to be around 8 million users within the United States around May 2013. During November 2013, Snapchat CEO Evan Spiegel did state that approximately 70 percent of Snapchat users are female.

Mike Flacy