What Recent Snapchat User Database Hack Teaches You…
Last week, a website called SnapChatDB.com published 4.6 million hacked usernames and phone numbers of Snapchat users online. Anyone can go to the website and download the data.
It’s out there in the open, for anyone to make use of in whatever way they like.
The website informs us:
“You are downloading 4.6 million users’ phone number information, along with their usernames. People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”
Overall, the website claims to have obtained username and phone number combinations for 4,609,621 accounts across 76 US area codes. The guys at SnapChatDB.com, who hacked this immensely vital information, are not really villains.
They have replaced the last two digits of each phone number with XX to protect the privacy of Snapchat users. In fact, they were trying to raise awareness of several security flaws in the Snapchat application, which were uncovered by Australian researchers last year. In a press release at the time, the researchers said:
“Of the vulnerabilities released, an exploit was found in the Snapchat “Find Friends” function, allowing someone to easily create a database of the usernames and phone numbers of users of the Snapchat application, in a small timeframe, using phone numbers automatically provided to the app.”
Snapchat has responded to this crisis by allowing users to opt out of the “Find Friends” feature, which created this vulnerability, as mentioned in their blog post.
I suppose this is the biggest hacking attempt at any popular application, ever. What does it actually teach us?
Phone Numbers as Instant Messenger Usernames Are Not Safe Anymore
Most instant messengers use phone numbers as usernames, which speeds up registration and helps them build databases of unique identifiers that can be searched easily. All a user does is tag the unique phone number with a name, then start chatting and adding friends.
But this mechanism gives rise to exactly these threats: hackers go after this primary identifier first, and once it is exposed, the other data and information tied to it become easy targets. Narrowing down to a particular individual based on a phone number is far easier than one might imagine.
Tying Together Email and Phone Number Is Riskier Than Ever
Recently, a gang was busted in New Delhi. They scanned social networking sites for information about users, hacked their bank accounts using phishing software installed on a US-based IP, and opened fake bank accounts with this hacked information.
If observed closely, they tracked those individuals whose emails and phone numbers were linked together. Most social network users have their emails spread across several sites, and their phone numbers linked with them via instant messengers!
This is a golden phase for hackers, who can do anything with this data, anytime. It is time to segregate these clues to your identity, but that should begin with the service providers.
Online Privacy Is a Myth: Deal With It
No matter how strong your passwords are or how much effort technology companies put into safeguarding your information, everything is out there in the open. It is just a matter of time before some hacker eyes it and grabs it. Hence, all Internet and mobile users are advised not to reveal too much information on these websites and applications.
Segregate the data, and reveal only that which can be changed every 2 weeks or so. The phone number, especially, should not be shared openly, and care should be taken not to reveal your primary email account, which is linked with bank accounts. Creating separate email IDs for social networks is also recommended by some security experts.
But at the end of the day, it is your data and your security. Play it wise, folks, because it’s a dangerous world out there.