Snapchat Checker
robbiet.us
I really wish these "check if you've been hacked" sites gave some sort of reason why I should trust them. How would my mom know if this was a secure check or just a phishing scam?
They aren't asking for any secrets, just a username. I didn't read the details of the recent issues; is there any reason why a Snapchat user name should be guarded?
This (https://pay.reddit.com/r/netsec/comments/1u4xss/snapchat_pho...) is the creator's comment on the Reddit thread. You can drill him for questions, if you want. :)
I've had an idea floating around my head:
The site implements an API which describes what data it needs to perform the check, and the standard would be to accept hashes of the data.
There are then sites that provide a UI over the API. The user can point it to the API URL (they can also allow it to be specified in the URL so it can be linked to), it performs the hashing client side and makes requests to the API.
The worst the people providing the API can get is hashes, and people can check the source for the UI to verify it isn't siphoning off data.
Because the UI is decoupled from the data leak, there is less code to check.
Yeah, but it's still easy to make mistakes this way. For instance, the keyspace of phone numbers isn't really large, so just hashing wouldn't help much against someone trying to get phone numbers. With e-mail addresses it's a bit better I guess.
A client-side, Bloom-filter-based solution would be nice IMHO. You would get either a definitive "No, your data wasn't leaked" or a "Your data was very likely (xx% possibility) leaked."
This all still doesn't help non-technical people decide whether a site can be trusted though :)
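An added example, not part of the thread and not the checker site's code: a minimal sketch of the client-side Bloom filter check proposed in the comment above. The usernames, filter size and hash choice (seeded FNV-1a with double hashing) are assumptions made for illustration.

```javascript
// FNV-1a (32-bit, seeded): non-cryptographic, used only to pick bit positions.
function fnv1a(str, seed) {
  let h = (0x811c9dc5 ^ seed) >>> 0;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

class BloomFilter {
  constructor(mBits, kHashes) {
    this.m = mBits;
    this.k = kHashes;
    this.n = 0; // number of items inserted
    this.bits = new Uint8Array(Math.ceil(mBits / 8));
  }
  // Double hashing: position_i = (h1 + i * h2) mod m
  positions(item) {
    const h1 = fnv1a(item, 0);
    const h2 = (fnv1a(item, 0x9e3779b9) | 1) >>> 0;
    return Array.from({ length: this.k }, (_, i) => (h1 + i * h2) % this.m);
  }
  add(item) {
    for (const p of this.positions(item)) this.bits[p >> 3] |= 1 << (p & 7);
    this.n++;
  }
  has(item) {
    return this.positions(item).every((p) => (this.bits[p >> 3] & (1 << (p & 7))) !== 0);
  }
  // Chance that a value NOT in the set still matches: (1 - e^(-kn/m))^k
  falsePositiveRate() {
    return Math.pow(1 - Math.exp((-this.k * this.n) / this.m), this.k);
  }
}

const normalize = (u) => u.trim().toLowerCase();
const SAMPLE_LEAKED = ["alice_snaps", "bob.k", "carol99"]; // constructed sample data

// Publisher side: build the filter once from the leaked usernames.
function buildFilter(usernames, mBits, kHashes) {
  const f = new BloomFilter(mBits, kHashes);
  usernames.forEach((u) => f.add(normalize(u)));
  return f;
}

// Visitor side: runs locally; a miss is definitive, a hit is only probable.
function checkLeak(filter, username) {
  if (!filter.has(normalize(username))) return { status: "not_leaked" };
  return { status: "probably_leaked", falsePositiveRate: filter.falsePositiveRate() };
}
```

In this design the publisher ships only the bit array and the two parameters, and the value the visitor types never leaves the page.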
Thanks for putting this up. So the dump didn't include the last two digits?
It probably did, but the site is attempting to provide some level of privacy.
Interesting decision. Sure, the dump is publicly available, but this is much more accessible.
The dump does not include the last 2 digits (has the same XX at the end). The original site mentions this.
Nope.
"For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it."
Full list (limited paging per IP) with partial number check: https://dazzlepod.com/snapchat/
IMHO, I really think that script should only return whether the phone number is leaked or not, instead of showing the phone number of the provided user name.
Has someone coined a term for this trend yet? Where a site is hacked, and it's followed by a trend to create websites to check if you are one of the sheep that got slayed in a hacking attack.
What about SheepCheck? It does not sound right; then again, which other internet slang term does? ;)