Earlier this week, news broke that a security exploit in Snapchat allowed hackers to claim some 4.6 million usernames and phone numbers from the service. The group responsible for the hack posted the list, with some information redacted, for all to see.
Snapchat described the issue in a blog post, noting that it was the Find Friends feature that was at fault. The tool lets users check their friends’ phone numbers against the Snapchat database to see if they’re available on the site. It’s just a way for people to find each other on Snapchat, but as Snapchat described it, “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way.”
The company says that it will address the problem by updating the app so that people can opt out of the Find Friends feature as well as “improving rate limiting and other restrictions.” Snapchat, apparently realizing that white hat security pros such as Gibson Security (the company that first made Snapchat aware of the security problem) are there to help, also has a new email address for those folks to send them any issues they find.
What Snapchat did not offer was an apology.
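
To make the "improving rate limiting" mitigation concrete, here is an added sketch (not Snapchat's code) of a server-side check for a contact-lookup endpoint: it budgets distinct phone numbers per account and scores how sequential a batch is. The class name, function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict


def normalize(number):
    """Reduce a phone number to its digits so formatting variants compare equal."""
    return re.sub(r"\D", "", number)


class FindFriendsLimiter:
    """Budget of distinct phone numbers one account may look up per window."""

    def __init__(self, max_numbers=500, window_seconds=86400):  # assumed thresholds
        self.max_numbers = max_numbers
        self.window = window_seconds
        self._seen = defaultdict(dict)  # account -> {number: time first charged}

    def check(self, account, numbers, now):
        """Return True and charge the budget, or False if the batch exceeds it."""
        seen = self._seen[account]
        for number, charged_at in list(seen.items()):
            if now - charged_at >= self.window:  # entry has aged out of the window
                del seen[number]
        # Re-syncing an unchanged address book costs nothing: only new numbers count.
        new = {normalize(n) for n in numbers} - set(seen)
        if len(seen) + len(new) > self.max_numbers:
            return False  # rejected batches are not charged
        for number in new:
            seen[number] = now
        return True


def sequential_fraction(numbers):
    """Share of adjacent values (after sorting) that differ by exactly 1.

    A real address book scores near 0.0; a sweep of a number block scores near 1.0.
    """
    values = sorted({int(d) for d in map(normalize, numbers) if d})
    if len(values) < 2:
        return 0.0
    runs = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
    return runs / (len(values) - 1)


# Constructed sample data using fictional 555-01xx numbers.
ADDRESS_BOOK = ["+1 (555) 010-0001", "555-010-0417", "5550100922"]
BLOCK_SWEEP = [f"555010{n:04d}" for n in range(100)]
```

Counting distinct numbers rather than requests keeps ordinary address-book re-syncs free while making a sweep of a whole number block exhaust the budget quickly.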