1. A sample of usernames and numbers:
Last digits of phone numbers and usernames were blurred out in the data dump.
Hacker group Gibson Security last week discovered a security issue in Snapchat by which usernames and phone numbers could be matched up. They notified Snapchat, and made the details of how to do the exploit public, on Christmas Eve.
Now, a site called SnapchatDB.info allows you to download all the data — millions of usernames with associated phone numbers — in a giant spreadsheet.
3. According to Gibson Security, it didn’t create the download site:
We know nothing about SnapchatDB, but it was a matter of time til something like that happened.Also the exploit works still with minor fixes
Before you freak out, your phone number and username are still sort of safe. According to the site, which was down at the time of posting, “[f]or now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.” The site, which is soliciting Bitcoin donations, claims that the numbers were posted to “raise awareness on the issue.”
Neither Snapchatdb.info’s creators nor Snapchat have returned requests for comment.
UPDATE: You can check to see if your number has been leaked here.
UPDATE - Jan 1, 2:50 p.m., ET: The creators of Snapchatdb.info explained their reasoning over email:
Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.