Last night while many were ringing in the new year, 4.6 million usernames and phone numbers were leaked onto the internet. A website called SnapchatDB! has appeared posting SQL/CSV files that claims to have usernames and phone numbers. A week ago, security researches had warned that someone could theoretically skim the Snapchat database. It appears that someone had done just that before Snapchat added in “safeguards” to prevent anyone from doing this.
A developer on Twitter had managed to set up a site to check if you were affected by this hack. @WS on Twitter, has said that their script has been slammed since big tech sites picked up the news. They’re now redirecting to, http://lookup.gibsonsec.org, so they can allow users to continue to check if they are affected.
This is a major problem for the Snapchat team, considering their lack of response to the community. The site SnapchatDB! currently has a censored file with 2 digits blurred out on each phone umber, but has not rule out releasing an uncensored version of the database. No one knows who owns the site, and WhoIs data is protected by a WhoIsguard currently.
UPDATE:
Thanks to Will Smidlein on Twitter as @ws, confirmed that only users in the United States are affected. Also he point myself to a reddit post which breaks down the affected areas. I’ve copied the list of states that are NOT affected.
If your phone number is in any of these states, you’re not in the database:
- Alaska
- Delaware
- Hawaii
- Kansas
- Maryland
- Mississippi
- Missouri
- Montana
- Nebraska
- Nevada
- New Hampshire
- New Mexico
- North Carolina
- North Dakota
- Oklahoma
- Oregon
- Rhode Island
- Utah
- Vermont
- West Virginia
- Wyoming
We’ll keep everyone updated as this develops.