On the first day of the year, hackers exposed the account information of over 4.6 million Snapchat users. This information, including usernames and phone numbers, was posted on a site called SnapchatDB.info.However, in order to conceal and protect users, the hackers blurred the last two digits of the phone numbers.
The hackers reported the reason it was so easy to find a way into the Snapchat database was because of a recent update within the application. The fact that the hackers could easily access the information of so many users is a cautionary thought. Most users send multiple “snaps” each day. Imagine how many pictures of every user are now available for anyone on the Internet to see, not to mention the users’ phone numbers.
If the hackers didn’t seem to actually want to use the information that they had so carefully half-exposed, why even post about it? They claimed to have good intentions. On a technology news-centered blog, the hackers posted: “Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.” In other words, even though it was the hackers themselves who were at fault for exposing the information, their intentions were only to keep users safe in the future.
Gibson Security hacked into the Snapchat database a week later. Gibson Security calls themselves a “white hat” group, meaning they don’t use any of the information that they find whilst hacking. The company claimed that it was fairly easy to hack into the database and published the code which allowed them to do so.
In response, Snapchat put up several security obstacles, though Gibson Security argued that it wasn’t enough.
Snapchat replied a day or two after the security breach in a blog post, claiming that the hack wasn’t nearly as deep as people believed. However, they also wrote that the company was attempting to tighten their security and make more obstacles for hackers. They ended the blog post with a chirpy “Happy Snapping!”
It seems strange that although the “hack wasn’t all that bad,” the Snapchat company felt the need to strengthen their security measures. This security breach must have had more of an impact than the Snapchat team is willing to admit; however, since the hackers blurred out much of the important information, clearly the hack wasn’t meant to be malicious but to scare. Despite the fact that the hack seems nothing short of oxymoronic, maybe the red flag the hackers waved should be paid attention to.