If you’re like an estimated 26 million Americans, chances are there’s a faceless ghost icon stationed somewhere on your smartphone.
Called “Snapchat,” the wildly popular messaging app (especially with teens and young adults) was released in 2011 by Stanford students and allows users to send photos and videos that quickly self destruct. Users can control their list of recipients, along with how long the images – known as “snaps” – are visible, with the time limit ranging from 1 to 10 seconds.
But in an ironic twist, the app built on the allure of selective privacy fell victim to an anonymous hacker, who this week posted the screen names and phone numbers of more than 4.6 million Snapchat users online. The data was leaked just days after the startup was warned that such a compromise could happen.
On a website called SnapchatDB, which may be run by an individual or a group, files containing Snapchat users’ information was posted Wednesday. The website has since been taken down, but while it was live, the names and phone numbers associated with many of the users – all located primarily in North America – could be downloaded.
The hacker or hackers said the data was published to prompt Snapchat to fix a security hole that it was aware of and had been warned could be exploited.
“Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed,” SnapchatDB told tech website The Verge. “Security matters as much as user experience does.”
Snapchat was warned by a group called Gibson Security on Christmas Eve that its mobile application contained a security flaw that could expose its users in the exact way that SnapchatDB did.
Days after the warning, Snapchat acknowledged the vulnerability on a company blog, but downplayed the seriousness of the security hole.
Users can check if their information has been exposed by going to Snapcheck or Gibson Security Lookup.
McClatchy News contributed to this report.