Last week, security researchers at Gibson Security published details of vulnerabilities in the Snapchat API that could be exploited. In response to those claims, the ephemeral image-sharing startup published a blog post on its website and played down the possibility of such an exploit.
Here is what it said:
Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do.
However, to its dismay, on Tuesday night a group of hackers leaked over 4.6 million usernames with their corresponding phone numbers in the form of a downloadable database. This is a shock for the hot startup, which is growing rapidly; Snapchat is among the most downloaded apps of 2013.
The database containing the usernames and phone numbers of the app's users is now publicly available. The hackers, who have not yet been identified, have obscured the last two digits of each phone number and half of each username. But they might hand the unredacted data to any party they want.
If someone does what the company itself described, building a large database of phone numbers and the usernames they resolve to, and matches that database against the one leaked by the hackers, then the app's users can be identified and put at risk.
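As an added illustration, not from the article or from Snapchat, here is a defender-side check that a contact-lookup service could run over its own request logs: it flags a client that queries an unusual number of distinct phone numbers in a short window, or that sweeps consecutive numbers as in the area-code scenario quoted above. The log format, client identifiers and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of contact-lookup requests: timestamp, client id, number queried.
# Hypothetical log format; the real service's logs are not shown in the article.
SAMPLE_LOG = """\
2013-12-31T22:00:01Z client-a 2125550101
2013-12-31T22:00:02Z client-a 2125550102
2013-12-31T22:00:02Z client-a 2125550103
2013-12-31T22:00:03Z client-a 2125550104
2013-12-31T22:00:03Z client-a 2125550105
2013-12-31T22:00:04Z client-a 2125550106
2013-12-31T22:00:05Z client-b 4155550199
2013-12-31T22:00:09Z client-b 9175550042
"""


def parse_log(text):
    """Parse one request per line into (timestamp, client, phone) tuples."""
    events = []
    for line in text.splitlines():
        ts, client, phone = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, phone))
    return events


def flag_enumerators(events, window=timedelta(minutes=1), max_distinct=5, min_run=4):
    """Return {client: reason} for clients whose lookups look like bulk enumeration:
    more than max_distinct distinct numbers inside `window`, or a run of at least
    min_run consecutive numbers (the signature of an area-code sweep)."""
    by_client = defaultdict(list)
    for ts, client, phone in events:
        by_client[client].append((ts, phone))
    flagged = {}
    for client, lookups in by_client.items():
        lookups.sort()
        # Rule 1: volume of distinct numbers in any sliding window.
        for i in range(len(lookups)):
            start = lookups[i][0]
            distinct = {p for t, p in lookups[i:] if t - start <= window}
            if len(distinct) > max_distinct:
                flagged[client] = f"{len(distinct)} distinct numbers within {window}"
                break
        if client in flagged:
            continue
        # Rule 2: consecutive numbers, regardless of speed.
        nums = sorted({int(p) for _, p in lookups})
        run = 1
        for a, b in zip(nums, nums[1:]):
            run = run + 1 if b == a + 1 else 1
            if run >= min_run:
                flagged[client] = f"run of {run} consecutive numbers"
                break
    return flagged
```

In the sample, client-a trips the volume rule; raising max_distinct shows it would still be caught by the consecutive-number rule, while client-b's two unrelated lookups pass both.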
Large companies that users trust with their private data have a responsibility to protect that data from attacks like this, and to host it only on secure, dedicated servers.
It is not the ideal start to a new year for the hot startup, but hopefully Snapchat will have learned a lesson from this incident.