Snapchat Apologizes, Issues App Update with Opt-Out of Hackable Feature
After about 4.6 million Snapchatters' usernames and phone numbers were exposed through a security vulnerability that the young social media company was repeatedly warned about, Snapchat has issued an apology and an update to its app.
The update now allows users to opt out of the unsecured feature responsible for the data breach -- "Find Friends." The feature allowed users to search their phone's contact list for numbers that were associated with Snapchat accounts, and vice versa, giving them the option to discover and add friends that they might not have known were on the photo-sharing social network. Now, according to Snapchat's latest blog post, users who do not want their phone number and username to be linked together can opt out by going to Settings > Mobile #, and disabling the setting "Link username to mobile #."
The update also requires users registering with Snapchat to verify their phone number before using the Find Friends service -- hopefully putting another roadblock in the way of those who want to exploit the function to harvest personal information.
Beyond the app update, an equally important development in Snapchat's latest blog entry is that the company finally apologized to users for the massive security breach:
"Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API," said "Team Snapchat" in its blog post on Thursday. "We are sorry for any problems this issue may have caused you and we really appreciate your patience and support."
Last week, in Snapchat's first blog post to acknowledge the listing of 4.6 million of its users' usernames and phone numbers, the company remained defiant, blaming white hat hackers for exposing details of Snapchat's API weaknesses and offering no apologies to the security community or its user base for effectively ignoring calls to address the Find Friends security weakness. According to the Los Angeles Times, Snapchat co-founder and Chief Executive Evan Spiegel even went on the Today show after the hack took place and did not apologize.
The security community has found Snapchat intransigent to its calls for fixing Find Friends security problems. As early as August 2013, white hat hackers Gibson Security published a report about the vulnerability, and while Snapchat later issued statements to the effect that the hack was minor and it would take care of it, the vulnerability continued to exist.
Later, after more calls from security experts to fix the hackable Find Friends feature, Snapchat responded in a Dec. 27 blog post saying, "Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code ... they could create a database of the results and match usernames to phone numbers that way." But Snapchat claimed to have implemented "various safeguards" to make that kind of exploit "more difficult to do."
On New Year's, theory became reality, and the "various safeguards" turned out to be not so effective, when SnapchatDB.info published the information it was able to scrape from Snapchat's servers through the Find Friends vulnerability. It took nine days for Snapchat to finally apologize for its hubris.