Snapchat Checker (opens in new tab)

(robbiet.us)

39 pointsbrsch12y ago12 comments

12 comments

I really wish these "check if you've been hacked" sites gave some sort of reason why I should trust them. How would my mom know if this was a secure check or just a phishing scam?

stusmall12y ago

They aren't asking for any secrets just a username. I didn't read the details of the recent issues, is there any reason why a snapchat user name should be guarded?

kmfrk12y ago

This (https://pay.reddit.com/r/netsec/comments/1u4xss/snapchat_pho...) is the creator's comment on the reddit thread. You can drill him for questions, if you want. :)

ajanuary12y ago

I've had an idea floating around my head:

The site implements an api which describes what data it needs to perform the check, and the standard would be to accept hashes of the data.

There are then sites that provide a UI over the api. The user can point it to the api URL (they can also allow it to be specified in the URL so it can be linked to), it performs the hashing client side and makes requests to the API.

The worst the people providing the api can get is hashes, and people can check the source for the UI to verify it isn't siphoning off data.

Because the UI is decoupled from the data leak, there is less code to check.

nezza-_-12y ago

Yeah, but it's still easy to do mistakes this way. For instance, the keyspace of phonenumbers isn't really large, so just hashing wouldn't help much against someone trying to get phone numbers. With e-mail addresses it's a bit better I guess.

A client-side, bloom-filter based solution would be nice IMHO. You would get either a definitive "No, your data wasn't leaked" or a "Your data was very likely (xx% possibility) leaked."

This all still doesn't help non-technical people decide whether a site can be trusted though :)

dwaltrip12y ago

Thanks for putting this up. So the dump didn't include the last two digits?

statusgraph12y ago

It probably did, but the site is attempting to provide some level of privacy.

Interesting decision. Sure the dump is publicly available, but this is much more accessible.

minimaxir12y ago

The dump does not include the last 2 digits (has the same XX at the end). The original site mentions this.

jlgaddis12y ago

Nope.

"For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it."

disclosure12y ago

Full list (limited paging per IP) with partial number check: https://dazzlepod.com/snapchat/

techAPJ12y ago

IMHO, I really think that script should only return whether the phone number is leaked or not, instead of showing the phone number of provided user name.

adam22212y ago

has some coined the term for this trend yet?. where a site is hacked, and it's followed by a trend, to create websites to check if you are one of the sheep got slayed in a hacking attack.

what about SheepCheck? it does not sound right, then again, which other internet slang term does? ;)

j / k navigate · click thread line to collapse