Less than a week ago, a hacker group published the previously undocumented API from messaging service Snapchat and two security exploits that expose personal information about customers who use the service. Five days later, those exploits may have allowed the people or person at SnapchatDB to compile 4.6 million Snapchat records and post them to the internet.The information posted on the website snapchatdb.info allegedly contains the phone number and usernames of over 4.6 million Snapchat users. The data is available as a SQL dump or a CSV file and can be downloaded by anyone with an internet connection. The last two digits on the phone numbers are obscured, but the unaltered database is supposedly available to interested parties who contact SnapchatDB.
Early analysis of the data suggests the leaked data only contains information on a subset of Snapchat users. An noted by Reddit users, the database includes only area codes from users in North America. Of those users, there are two Canadian area codes and only 76 of the 322 available US area codes. Over 200 US area codes are not represented in the database.
Snapchat confirmed that it was aware of the exploit and patched it. The company downplayed its significance in a recent blog post. SnapchatDB said its information was compiled using “the recently patched Snapchat exploit” and it was being published in order to “raise awareness on the issue.”