In an official post on their blog, social messaging service Snapchat has admitted that about 4.6 million usernames and phone numbers were leaked. The Photo and video messaging service which was considered as a secure alternative to Facebook and Instagram lets users share photos and videos which self-destruct within few seconds.
The blog post acknowledged that the way their API stores the information made it possible to sniff out usernames and match them up. The post said that if someone were able to upload like every number in an area code or every possible number in the U.S., they could match usernames to phone numbers and that is how the group had leaked the SnapchatDB.info database of 4.6M users. Snapchat says that except phone numbers and usernames no other information like Snaps was accessed or leaked in these attacks.
Techcrunch website reported that the group who was responsible for the leak wanted to raise the public awareness around the issue and get the exploit fixed by Snapchat. They had followed Gibson Security report late December, who approached Snapchat with the issue and got no response from them.
Meanwhile Snapchat has posted in their blog that the service and apps will be changed to prevent future leaks, which include opting out of the Find Friends feature. Snapchat said that they were notified in August of the possible security risk for which they took some steps.