Snapchat Weakness Would Reportedly Allow Phone Numbers to Be Matched to User Accounts

  • Share
  • Read Later

Over at ZDNet, Violet Blue details a couple apparent Snapchat weaknesses: one that would allow someone to match a phone number with a person’s username, and one that would allow someone to create a bunch of accounts that could be used for spamming people.

The whole ordeal is a pretty thick read – here’s the complete document by the security team that discovered the flaws – but the takeaway for the “Find Friends Exploit,” as it’s being called, is that you’d have to take a giant list of phone numbers and cross-check each number against the list of Snapchat usernames to find matches.

In other words, right now if someone wanted to find your phone number — assuming you’re in the U.S. and have it listed as part of your Snapchat account, for instance — they’d have to run all of the phone numbers in the U.S. until your number popped up and matched to your account. This process could be quicker and easier if they know you live in the 617 area code, though, since they’d only have to run a smaller subset of phone numbers.

The bigger issue, however, would be someone taking the time to just run all the phone numbers in the U.S. and matching them up against all the Snapchat users in the U.S., compiling a list and then selling that list off to spammers, stalkers or whoever else wanted access to this information. As Blue writes, “When the phone number matches a record of a Snapchat user, the malicious entity will get a record that includes the username, the associated display name, and whether the account is private or not.”

The security team that found the weaknesses – Gibson Security – posits that someone could run all the phone numbers in the U.S. in less than 27 hours. The researchers also said that they’ve reported these weaknesses to Snapchat but have never received a response.

Long story, short: It doesn’t appear that any of this information has been used maliciously yet, but it’s still early. We’ll see if Snapchat takes steps to clamp this up or if someone else takes the time to churn through all the data.

Researchers publish Snapchat code allowing phone number matching after exploit disclosures ignored [ZDNet]

3 comments
VijayBanga
VijayBanga

More the security more insecurity has crept in, it is turning into a 

n evil game

CarlLegg
CarlLegg

Snapchat is notoriously arrogant when it comes to its customer base. It's an attitude that starts at the top and has trickled down to the employees.

Realworldnonfantasyland
Realworldnonfantasyland

I honestly believe it would be easier for a stalker to ask someone for the number of someone else rather than paying to get the number.    But then what, you see the creep one time and then you never open up something from him again