Alasdair Allan

Alasdair Allan is a Scientist, Author, Hacker and Tinkerer, and co-founder of a startup working on fixing the Internet of Things. He is the author of a number of books, and from time to time he also stands in front of cameras. You can often find him at conferences talking about interesting things, or deploying sensors to measure them. Last year he rolled out a mesh network of five hundred sensor motes covering the entirety of Moscone West during Google I/O. He's still recovering. He sporadically writes blog posts about things that interest him, or more frequently provides commentary in 140 characters or less. He is a contributing editor for MAKE magazine, and a contributor to the O'Reilly Radar. A few years ago he caused a privacy scandal by uncovering that your iPhone was recording your location all the time. This caused several class action lawsuits and a U.S. Senate hearing. Several years on, he still isn't sure what to think about that. Alasdair is a former academic. As part of his work he built a distributed peer-to-peer network of telescopes which, acting autonomously, reactively scheduled observations of time-critical events. Notable successes included contributing to the detection of what—at the time—was the most distant object yet discovered.

The Snapchat Leak

4.6 million phone numbers, is one of them yours?

The number of Snapchat users by area code.

The number of Snapchat users by geographic location. Users are predominately located in New York, San Francisco and the surrounding greater New York and Bay Areas.

While the site crumbled quickly under the weight of so many people trying to get to the leaked data—and has now been suspended—there isn’t really such a thing as putting the genie back in the bottle on the Internet.

Just before Christmas, the Australian-based Gibson Security published a report highlighting two exploits in the Snapchat API, claiming that hackers could easily gain access to users’ personal data. Snapchat dismissed the report, responding that,

Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way.

Adding that they had various “safeguards” in place to make it difficult to do that. However, it seems likely that—despite being explicitly mentioned in the initial report four months previously—none of these safeguards included rate limiting requests to their server, because someone seems to have taken them up on their offer.
