

Snapchat Checker - brsch
http://robbiet.us/snapchat/

======
freehunter
I really wish these "check if you've been hacked" sites gave some sort of
reason why I should trust them. How would my mom know if this was a secure
check or just a phishing scam?

~~~
ajanuary
I've had an idea floating around my head:

The site implements an api which describes what data it needs to perform the
check, and the standard would be to accept hashes of the data.

There are then sites that provide a UI over the api. The user can point it to
the api URL (they can also allow it to be specified in the URL so it can be
linked to), it performs the hashing client side and makes requests to the API.

The worst the people providing the api can get is hashes, and people can check
the source for the UI to verify it isn't siphoning off data.

Because the UI is decoupled from the data leak, there is less code to check.

~~~
nezza-_-
Yeah, but it's still easy to do mistakes this way. For instance, the keyspace
of phonenumbers isn't really large, so just hashing wouldn't help much against
someone trying to get phone numbers. With e-mail addresses it's a bit better I
guess.

A client-side, bloom-filter based solution would be nice IMHO. You would get
either a definitive "No, your data wasn't leaked" or a "Your data was very
likely (xx% possibility) leaked."

This all still doesn't help non-technical people decide whether a site can be
trusted though :)

------
dwaltrip
Thanks for putting this up. So the dump didn't include the last two digits?

~~~
statusgraph
It probably did, but the site is attempting to provide some level of privacy.

Interesting decision. Sure the dump is publicly available, but this is much
more accessible.

~~~
minimaxir
The dump does not include the last 2 digits (has the same XX at the end). The
original site mentions this.

------
disclosure
Full list (limited paging per IP) with partial number check:
[https://dazzlepod.com/snapchat/](https://dazzlepod.com/snapchat/)

------
techAPJ
IMHO, I really think that script should only return whether the phone number
is leaked or not, instead of showing the phone number of provided user name.

------
adam222
has some coined the term for this trend yet?. where a site is hacked, and it's
followed by a trend, to create websites to check if you are one of the sheep
got slayed in a hacking attack.

what about SheepCheck? it does not sound right, then again, which other
internet slang term does? ;)

