AmberCutie's Forum
An adult community for cam models and members to discuss all the things!

Your phone number is at risk in latest Snapchat hack

  • ** WARNING - ACF CONTAINS ADULT CONTENT **
    Only persons aged 18 or over may read or post to the forums, without regard to whether an adult actually owns the registration or parental/guardian permission. AmberCutie's Forum (ACF) is for use by adults only and contains adult content. By continuing to use this site you are confirming that you are at least 18 years of age.
Status
Not open for further replies.
CallMeWilliam said:
Security Researchers Gave Snapchat A Nasty Christmas Present By Telling The World How To Hack Snapchat
http://www.businessinsider.com/security ... ck-2013-12

http://bgr.com/2013/12/26/snapchat-hack ... rs-exposed
Click to expand...

Good for them. As a company if I was sent details of how someone could hack into my stuff you better believe I would fix it. Companies pay hackers even to get that kind of info to test their systems and programs. The fact they ignored it is just ignorant. Hell we got warned we could easily be hijacked and bombed before 9-11 and didn't do shit with that either. This is obviously less serious but why people ignore safety in any way baffles me.
 
Teagan_Chase said:
CallMeWilliam said:
Security Researchers Gave Snapchat A Nasty Christmas Present By Telling The World How To Hack Snapchat
http://www.businessinsider.com/security ... ck-2013-12

http://bgr.com/2013/12/26/snapchat-hack ... rs-exposed
Click to expand...

Good for them. As a company if I was sent details of how someone could hack into my stuff you better believe I would fix it. Companies pay hackers even to get that kind of info to test their systems and programs. The fact they ignored it is just ignorant. Hell we got warned we could easily be hijacked and bombed before 9-11 and didn't do shit with that either. This is obviously less serious but why people ignore safety in any way baffles me.
Click to expand...
As a programmer myself of over 20 years you would be surprised on how many systems are still out there (web and otherwise) that use "Security by Obscurity" as a programming model when it comes to implementing features. I am a pessimistic developer by nature so the first thing I program is the security regardless if the client wants it or not. Most software companies have the attitude security is something that can be added later on (or tested for later on) but unfortunately by the time they get to implementing it they are so far behind with deadlines they usually bare minimum it.

:twocents-02cents:
 
Miss_Lollipop said:
should i be selling my snapchat still? considering that this information is now public knowledge...
Click to expand...
First I have never used Snapchat and have no clue how the web interface to a users account works so my knowledge on this part is grey.

I did a bit of digging and while the exploit is valid (but this is where my lack of Snapchat knowledge shows) if you have your phone number listed in your account (possible to hide it or make it not show up in searches) a person would have to run all the phone numbers in the US (assuming you are targeting someone in the US and assuming you are doing it incremental) until the number was matched and a username of the account holder was returned (know the username and bingo a match). Something like this has been estimated at around 30 hours to complete. However if the person knows what area code you live in the search would be fairly quick maybe an hour or two.

From what it sounds like selling them or not will not make a difference as as long as your account has your phone number listed in it they can get at it and your username. I am guessing if you remove your phone number that might be an issue I am not sure.
 
Update

Snapchat addressing the issue.
http://blog.snapchat.com/post/713533475 ... ne-numbers

Responses to the rather *weak* (IMO) blog post.
http://techcrunch.com/2013/12/27/snapch ... mber-hack/
http://www.theverge.com/2013/12/27/5249 ... er-exploit

From what it seems like if you don't have your phone # listed in your account then the exploit might be thwarted. However Snapchat failed to disclose this, if they did then it would be a admission there is is a problem and no startup would ever consider doing that.

So I guess the moral of the story is create a throwaway account, don't add any *optional* information to the account and periodically check the account for this information *just showing up* from time to time (companies love to scrape other social networks for your information if they can match you).
 
Snapchat users: Snapchat Phone Number Database Leaked

Hacker news post talking about it: https://news.ycombinator.com/item?id=6993968

more in depth information: http://www.snapchatdb.info/

At this point your phone number is most likely leaked if you had it attached to snapchat. If you don't want people to know your number you should change it ASAP. For future NEVER use something that will link your phone number with your model account. If you need a phone number set one up with Google Voice.

FYI: hacker news is not hacking as most people think of it. It is a community of people working on web based startups. It is a totally legit site, nothing illegal going on there.
 
Re: Snapchat users: Snapchat Phone Number Database Leaked

Reading a bit more about this and it looks like the bug was originally reported to snapchat in august and they've ignored the problem. The security researcher has posted the information publicly to draw attention to the problem. The numbers themselves posted in this specific leak are missing the last two digits of the phone number (123-456-78xx). Looking through the files I did not quickly find anyone I know posted. This does not mean your information is safe, this just means that the security expert who is trying to get the bug fixed is trying to protect users.

What I said before still applies, if you are worried someone might get your phone number you should change it ASAP. Most cell carriers allow you to do this on their web site for free.
 
  • Like
Reactions: Gen
Update

4.6M @Snapchat usernames & matching phone #s leaked @ http://www.snapchatdb.info; source says it's a 'vast majority of the Snapchat users'; the last 2 digits of phone #s are hidden to prevent abuse.
Click to expand...
So this is what the security sector said would happen and it has, someone has generated a database of usernames to phone numbers and has posted it online.

Within hours several sites have popped up that allow you to search for your username / phone number to see if the data is contained in the file (CSV/SQL Dump). One thing to note even though the last 2 numbers are *hidden* the person(s) who compiled the database have said they may release the full phone number version at a later time. The compile was done within hours of the exploit being released so if you removed your # from your account settings after hearing about the exploit it *might* still be in the data (if at all).

Also be aware that some of these search sites could infact be allowing you to search as well adding your information into the database. If you search for your username and then phone number you are giving up your info willingly. Not saying that would happen but it could.

As for interested parties that are trying to find the file, oddly enough there are several sites (via torrent / file sharing sites) that are hosting self extracting executables that contain malware rather than the CSV / SQL Dump files.

Welcome to 2014 everyone...
 
  • Like
Reactions: Teagan
CallMeWilliam said:
Update

4.6M @Snapchat usernames & matching phone #s leaked @ http://www.snapchatdb.info; source says it's a 'vast majority of the Snapchat users'; the last 2 digits of phone #s are hidden to prevent abuse.
Click to expand...
So this is what the security sector said would happen and it has, someone has generated a database of usernames to phone numbers and has posted it online.

Within hours several sites have popped up that allow you to search for your username / phone number to see if the data is contained in the file (CSV/SQL Dump). One thing to note even though the last 2 numbers are *hidden* the person(s) who compiled the database have said they may release the full phone number version at a later time. The compile was done within hours of the exploit being released so if you removed your # from your account settings after hearing about the exploit it *might* still be in the data (if at all).

Also be aware that some of these search sites could infact be allowing you to search as well adding your information into the database. If you search for your username and then phone number you are giving up your info willingly. Not saying that would happen but it could.

As for interested parties that are trying to find the file, oddly enough there are several sites (via torrent / file sharing sites) that are hosting self extracting executables that contain malware rather than the CSV / SQL Dump files.

Welcome to 2014 everyone...
Click to expand...

Ive never had snapchat but obviously several girls here do. Thanks for sharing this info with us. I know it's not as easy as just removing the number from SC though. Some girls while setting it up put it in and there was no way to remove it after the fact. So if your had a number in it and cant remove it they had to uninstall the app and start over to remove it. Its like they wanted your number for life.
 
Koolguy321 said:
If anyone wants to check if their info was part of the leak,
you can check here - http://lookup.gibsonsec.org/
Click to expand...
This would probably be the safest place to do a lookup.

Also in the section "What should I do?" they mention talking to your TelCo about getting a new number. Remember to update any sites that you have enrolled into the 2-step verification process (i.e. where you are texted a verification code to your phone # for extra security). If you don't those texts might end up going to someone else eventually.
 
Status
Not open for further replies.

Similar threads

X
    • Sorry to hear that.
    • Hugs
  • Locked
Scam Alert - Chaturbate "Token Challenge"
Replies
11
Views
2K
General Cam/Creator Chat
Lisa_k
Lisa_k
M
  • Locked
My very lucrative experience at virtualgirlfriend.live
Replies
34
Views
6K
General Cam/Creator Chat
AudriTwo
AudriTwo
SenaLuna
    • Like
  • Locked
"The Snappening" -thousands of Snaps made public
Replies
1
Views
1K
Random Chat
LucyJude
L
M
    • Like
    • Funny!
  • Locked
Guys reveal their reasons for sending dick pics
Replies
24
Views
5K
Random Chat
QuietLurker69
Q
M
    • Helpful!
    • Wat?!
  • Locked
Article tells how it's easy to hack into MFC accounts
Replies
32
Views
26K
General Cam/Creator Chat
Zoomer
Z
Top Bottom
Back