Snapchat, the disappearing-message service popular with young people, has been quiet following a security breach that allowed hackers to collect the usernames and phone numbers of millions of its users.
Company spokeswoman Mary Ritti said Thursday morning that the company is assessing the situation, but did not have further comment.
Hackers reportedly published 4.6 million Snapchat usernames and phone numbers on a website called snapchatdb.info, which has since been suspended. The breach came less than a week after security experts alerted Snapchat of a vulnerability in its system and warned that an attack could take place.
In response to the warning, Snapchat said last Friday that it had implemented “various safeguards” over the past year that would make it more difficult to steal large sets of phone numbers. But the measures appear to have fallen short.
The incident bruises the image of a young company that reportedly turned down a $3 billion buyout offer from Facebook last year. According to the Pew Research Center’s Internet & American Life Project, 9 percent of U.S. cellphone owners use Snapchat, which amounts to roughly 20 million adults, based on 2012 census data. The Pew study didn’t include users under 18, a demographic with which Snapchat is especially popular. The Los Angeles-based company, which has no source of revenue, has not disclosed its own user figures.
The Snapchat breach comes just two weeks after Target was hit with a massive data security breach that affected as many as 40 million debit and credit card holders. Gartner security analyst Avivah Litan said phone numbers are not considered “sensitive” personally identifiable information – such as credit card or social security numbers – so they are collected by all sorts of companies to verify a person’s identity.
A phone number is “not as bad as password or magnetic strip information, but it’s the piece of the puzzle that criminals need to impersonate identities,” she said.