BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Snapchat user info database leaks

From: Richard Forno <rforno () infowarrior org>
Date: Wed, 01 Jan 2014 00:29:55 -0500
Snapchat user info database leaks, claims to hold most numbers and usernames

BY Richard Lawler 58 minutes ago

Last week security researchers published a way to skim Snapchat's full 
database, and it appears someone did it before the vulnerability was 
addressed. A website called SnapchatDB! has appeared posting SQL/CSV 
files that it claims contain the username and associated phone number 
for a "vast majority" of the service's users, with the last two digits 
of the numbers obscured. That amounts to 4.6 million pairs, although 
actually downloading the files to actually use them or verify the claim 
seems impossible, presumably due to an overload of traffic. We don't 
know who is behind the website (its WHOIS record is hidden by 
WHOISGuard), but the homepage claims this release is happening to "raise 
awareness" of the fact that companies with our private information 
should be more careful with it. As the site mentions, even the info 
included could be enough to figure out someone's phone number from their 
username (if it's also used publicly on Twitter, for example), 
especially problematic for those with unlisted numbers. They also have 
not ruled out releasing the uncensored database "under certain 
circumstances," so if you've ever used the service, this may be 
something to keep an eye out for.

http://www.engadget.com/2013/12/31/snapchat-user-info-leak/
-- 
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Previous By Date Next
Previous By Thread Next

Current thread: