A revised version of the popular Snapchat social networking app is on the way following a hack that exposed 4.6 million users’ phone numbers and usernames.
Hackers released ‘SnapchatDB’ – a database of partially redacted phone numbers and usernames – on New Year’s Eve, following a Gibson Security report on Snapchat’s security weaknesses.
Snapchat says it was possible for an attacker to use the functionality of Find Friends – an optional service that asks Snapchatters to enter their phone number so that their friends can find their username – to upload numbers and usernames.
However, Snapchat will be releasing an updated version of the Snapchat application that will allow users to opt out of appearing in Find Friends after they have verified their phone number.
"We’re also improving rate limiting and other restrictions to address future attempts to abuse our service," said Snapchat in a statement.
"We want to make sure that security experts can get ahold of us when they discover new ways to abuse our service so that we can respond quickly to address those concerns. The best way to let us know about security vulnerabilities is by emailing us: firstname.lastname@example.org."
"The Snapchat community is a place where friends feel comfortable expressing themselves and we’re dedicated to preventing abuse."
Those behind the hack told The Verge: "Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. Security matters as much as user experience does."