Odds are, cybercriminals are moving to cash in the 4.6 million customer phone numbers stolen from Snapchat. For a short time on New Year's Day, a Web site allowed anyone to download all the leaked data in a spreadsheet format.
The person responsible for posting that data omitted the last two digits of each phone number, but, notably, solicited requests for copies of the full database.
Basking in hacktivist glory -- while also profiting from a high-visibility hack -- has become a familiar pattern in the cyberunderground.
Sony's Web properties got hacked and defaced by several individuals upset with the entertainment giant's business practices in April 2011. And someone hacked into its PlayStation customer database. Shortly afterward, payment card data for 2.2 million customers also went up for sale on an underground Internet forum.
Something similar could happen to Snapchat.
"There's a risk that uncensored versions of this database could have been created," says Marc Rogers, principal researcher at Lookout Mobile Security. A list of 4.6 million-plus active Snapchat users' phone numbers "would be valuable to spammers," he says.
The fact the Snapchat hacker appeared to have concentrated on stealing data from certain area codes, and only pilfered data from a portion of Snapchat's estimated 30 million users, could mean the primary motivation was to embarrass the company.
"If the intent was black-hat exploitation, the people behind this would not have called attention to the exploit until they had mined all the phone numbers for Snapchat users," says Andrew Conway, research analyst at messaging security firm Cloudmark. "I believe that these are people who want to push Snapchat into fixing their problem before the spammers can exploit it."
However, even the widely circulated partial numbers are useful to spammers.
A simple program could cycle through all possible combinations of the missing two digits, says Cathal McDaid, a researcher at mobile device services firm AdaptiveMobile.
McDaid sorted the 4.6 million partial phone numbers and found Snapchat users concentrated in six states: California; New York; Illinois; Colorado; Florida; and Massachusetts.
With a bit of online research, a spammer could easily match phone numbers to Snapchat users' first names and customize text-messaging spam for questionable products or even carrying infectious Web links, a common spamming technique.
SMS (short message service) phishing spam is on the rise. These are text messages that lure a mobile device user into clicking on a malicious weblink, often using a geographical or business reference to make it believable. Knowing a phone number belongs to a Snapchat user would enable even slicker come-ons.
"We may see spurious requests to 'protect' your Snapchat app by clicking on a malicious link in a text message," says McDaid.
Since a high percentage of Snapchat users are adolescents and teens, Troy Vennon, director of the Mobile Threat Center at Juniper Networks, is worried that spammers could be using the partial numbers to craft campaigns aimed at youngsters.
"There could certainly be an increase in texting spam," Vennon says. "This is most concerning for younger users who may now receive inappropriate content or messages."
© 2014 USA TODAY under contract with YellowBrix. All rights reserved.