This week many Snapchat users were likely shocked to found out that 4.6 million usernames and the phone numbers connected to them were leaked online by a group of hackers. In response to the hack, Snapchat says now that it will release an updated version of its app that will allow users to opt out of the “Find Friends” feature that was exploited.
In a blog post late last night, Snapchat acknowledged that the breach had taken place, after having stayed mum on the attack even while media outlets were reporting that millions of usernames and phone numbers had been published in a database by the hacker group. The new version of the app will give users the chance to not associate their accounts with a phone number through Find Friends.
“We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.”
At least users don’t have to worry about any of their pics — which are designed to self-destruct after a set amount of minutes designated by the sender — showing up on the Internet, according to Snapchat.
“No other information, including Snaps, was leaked or accessed in these attacks,” the company writes in the blog.
Research group Gibson Security had alerted Snapchat twice in the past about possible holes in its security, once in August and once on Dec. 24. Snapchat had said last week that it had set up “various safeguards” to make the app safer, but hadn’t detailed those measures. Then bam, hack attack on New Year’s Eve.
In response to the question of why Snapchat didn’t apparently listen to the warning from Gibson Security, last night’s blog post lists a direct email address any security researchers can use to alert the company of any abuse. Which sort of makes it sound like Snapchat maybe just didn’t get Gibson Security’s messages before? Just a guess.
“We want to make sure that security experts can get ahold of us when they discover new ways to abuse our service so that we can respond quickly to address those concerns. The best way to let us know about security vulnerabilities is by emailing us: firstname.lastname@example.org,” Snapchat’s blog reads.