We still don't know how big Snapchat is. But 4.6 million user accounts were compromised earlier this week when hackers exploited a known security loophole to steal the usernames and telephone numbers of millions of Snapchatters. The hackers then posted the information publicly.
Snapchat is a messaging service that destroys pictures after they are sent. It is very popular. The company prides itself on security and privacy, and maintaining the trust of its users is paramount to its success.
That's why known security loophole is a key phrase here. Shortly before Christmas, white-hat security firm Gibson Security revealed a security vulnerability in Snapchat's API that made it possible to harvest the names, aliases, and phone numbers of users, and warned Snapchat of the potential dangers.
After Gibson Security's big reveal, Snapchat admitted the vulnerability in a blog post on December 27. At the time, it claimed to have "recently added additional counter-measures."
By all appearances, those measures weren't enough. Sometime on Tuesday, an unknown individual or group posted the usernames and phone numbers of 4.6 million Snapchatters to Snapchatdb.info, apparently using the techniques outlined by Gibson Security.
The last two digits of the phone numbers attached to each account were blurred out, but could be requested. The site has since been taken down.
To find out if your Snapchat account was hacked, Gibson Security has set up a search tool you can use. "If your data has been leaked, don't freak out!" they write. "First and foremost, you can delete your Snapchat account."
Unfortunately for you, that won't remove your phone number from the public sphere if it's already circulating. And unfortunately for Snapchat, some messes don't just disappear on cue.