The Snapchat 'hack' that never was: Experts find no evidence 1.7m accounts leaked

Jason Murdock

On 16 April, reports circulated hackers had compromised the networks of Snapchat, the popular social sharing platform, and stolen over 1.7 million credentials in retaliation for statements made about India by the firm's chief executive, Evan Spiegel.

The group claimed to have hacked into Snapchat via a vulnerability in its smartphone application and threatened to launch further attacks, despite releasing no evidence to back up its claims. It demanded Spiegel apologise for allegedly calling India a "poor country".

Trending: Will I have a heart attack? This AI can predict more accurately than doctors

Luckily for Snapchat's users across the globe, there's no sign the claims are legitimate.

Security researchers believe quite the opposite is true, with a small batch of published credentials online taken from a set of previously-leaked users names from 2013.

Don't miss: India starts #BoycottSnapchat after CEO's alleged 'poor country' comments

When the self-described hackers emerged, they posted information to GhostBin, a website that lets users submit and store text-based data. Far from 1.7 million, it contained less than 5,000 records – usernames, partial phone numbers and no passwords.

When probed further by one researcher, Rojan Rijal, this data matched information first posted on a website called SnapchatDB back in January 2014.

Most popular: Computing pioneer and creator of the internet Bob Taylor dies at 85

When this hack occurred – stemming from a cyberattack on the applications's "Find Friends" feature – 4.6 million users were impacted.

"Snapchat was not exactly hacked, [the] hackers just pasted an old data that was published online," Rijal wrote in a blog post, adding: "This was not a real hack. No data was stolen. 'Hackers' here simply downloaded the file found online and shared it."

This matched the analysis of Fortune magazine, which made contact with several cybersecurity firms including Flashpoint and FireEye to ask about the allegedly leaked information. Each found no evidence of a new hack, instead only encountered the previously-leaked accounts on the web.

Snapchat has not yet commented on the incident.


It did, however, address the growing scandal and subsequent backlash in India after Spiegel's comments were picked up on by the media. In court filings, he was accused of proclaiming Snapchat was "only for rich people" and not for "poor countries".

A Snap Inc. spokesperson brushed off the comments, saying the words came from a "disgruntled former employee".

A statement read: "Obviously, Snapchat is for everyone! We are grateful for our Snapchat community in India and around the world."

Last year, Snapchat was forced to contact a slew of employees – past and present – to warn them sensitive payroll data was accessed by hackers who tricked a member of staff using an email spearphishing scam that impersonated Spiegel.

"A number of our employees have now had their identity compromised. And for that, we're just impossibly sorry," it said at the time. While Snapchat is no stranger to cybersecurity incidents, this latest case – for all intents and purposes – never happened.

You may be interested in:

By using Yahoo you agree that Yahoo and partners may use Cookies for personalisation and other purposes