A new tool to allow Snapchat users to check whether their username and cellphone number have been compromised in the recent database hack has been launched, with an estimated 4.6m accounts supposedly leaked. The tool, developed by password management firm LastPass, checks a Snapchat username against the millions of accounts that were exposed using a security loophole the company was supposedly made aware of back in August 2013, but which it only addressed – at least partially – in recent days after the exploit was made public.
LastPass’ tool isn’t the only one offering to check details against the released database, though the company’s presence in the security space should at least make Snapchat users feel more confident about punching in their username. LastPass takes each username and works out its SHA-1 hash, which is then run through the leaked list; converting it back from the SHA-1 hash, LastPass points out, is tricky to do even if someone intercepted what was transmitted from the webpage to the company’s servers.
If your Snapchat account is on the list, the advice is to delete it and start over, in addition to being more cautious about potential phishing attempts from people calling the registered phone number. Meanwhile, it’s also sensible to change the password used on any other site with the same username or phone number.
Those who don’t get their details flagged, however, should still consider taking the same precautions, LastPast suggests, since the leaked database was only a partial one.
Even now, Snapchat is yet to comment on the new leak, its latest public statement still referring to the original exploit. Then, the company said it had been implementing “various safeguards” over the past year to avoid hacks, in addition to adding “additional counter-measures” more recently.
Nonetheless both the hackers which used the loophole to scrape the database, and the Australian security researchers who identified it in the first place, say that with only minor changes the same exploit could be used again to do exactly the same thing. Whether Snapchat users will feel quite so confident sending their photos in future remains to be seen, given the self-destructing security of the service is one of its key selling points.