Updated: Snapchat promises security fix in wake of 4.6 million user info breach


Update January 2, 2014: Snapchat is taking the leak by the horns, addressing the hack that compromised 4.6 million users and announcing a sort-of fix.

The company wrote in a blog post that it will release an updated version of its app that lets users opt out of appearing in "Find Friends." A user will need to verify their phone number before they can opt out.

Snapchat outlined how "an attacker" could use Find Friends to "upload a large number of random phone numbers and match them with Snapchat usernames." This is essentially what happened on New Year's Eve.

The company, which didn’t provide any information about what users who did have their data published should do, also said it will improve rate limiting and other restrictions to help prevent future abuse.
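As an added illustration (not Snapchat's code, and not part of the original article), here is one way a Find Friends-style lookup could be limited by the number of distinct phone numbers an account queries rather than by request count, while honouring the opt-out. The class name, limits and sample data are assumptions.

```python
import time
from collections import defaultdict


class FindFriendsGuard:
    """Budget contact lookups by distinct numbers queried, not by request count."""

    def __init__(self, directory, opted_out, per_request=200, per_window=500,
                 window_seconds=24 * 3600, clock=time.time):
        # All limits are assumed values for illustration.
        self.directory = directory        # phone number -> username
        self.opted_out = opted_out        # usernames hidden from Find Friends
        self.per_request = per_request
        self.per_window = per_window
        self.window_seconds = window_seconds
        self.clock = clock
        self.seen = defaultdict(dict)     # account -> {number: first-seen time}

    def lookup(self, account, numbers):
        """Return (status, matches); status is 'ok', 'too_large' or 'rate_limited'."""
        now = self.clock()
        seen = self.seen[account]
        for number in [n for n, t in seen.items() if t <= now - self.window_seconds]:
            del seen[number]              # expire numbers that left the window
        unique = set(numbers)
        if len(unique) > self.per_request:
            return "too_large", {}
        new = {n for n in unique if n not in seen}
        if len(seen) + len(new) > self.per_window:
            return "rate_limited", {}
        # Charge every new number, hit or miss, so guessing costs as much as knowing.
        for number in new:
            seen[number] = now
        matches = {n: self.directory[n] for n in unique
                   if n in self.directory and self.directory[n] not in self.opted_out}
        return "ok", matches


# Constructed sample data (555-01xx numbers are reserved for fiction).
DIRECTORY = {"+12025550101": "alice", "+12025550102": "bob", "+12025550103": "carol"}
OPTED_OUT = {"bob"}

if __name__ == "__main__":
    guard = FindFriendsGuard(DIRECTORY, OPTED_OUT, per_request=3, per_window=4)
    print(guard.lookup("acct-1", ["+12025550101", "+12025550102"]))
    print(guard.lookup("acct-1", ["+12025550101", "+12025550102"]))  # re-sync is free
    print(guard.lookup("acct-1", ["+12025550103", "+12025550190", "+12025550191"]))
```

Because the budget counts distinct numbers, a phone re-syncing the same address book costs nothing extra, while every previously unseen number draws down the allowance whether or not it matches a user.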

Original post from January 1…

A database containing the phone numbers, usernames and locations of 4.6m Snapchat users in North America has been posted online.

In the latest security woe for the $3.5 billion-valued company, the details have appeared on the SnapchatDB.info website and are freely available to download.

The site claims the data "is being shared with the public to raise awareness on the issue" of widespread Snapchat security vulnerabilities.

The last two digits of the phone numbers have been concealed, with SnapchatDB claiming it will reduce spam and abuse, but the anonymous hackers say they will release the data "under certain circumstances."

Full usernames

However, full usernames are present with the handy tip that "people tend to use the same username around the web," prompting users to go fishing around social media for those final two digits.

The leaked data appears to be localised to two area codes in the United States and Canada, which goes against claims from the hackers to have leaked the ‘vast majority’ of Snapchat users.

The mass posting of Snapchat user data comes just days after the company made assurances that it had "implemented various safeguards to make it more difficult" to obtain and upload user data en masse.

The company is yet to respond to today’s leak, but it seems there will be one or two holes to plug and some tricky questions for Snapchat to answer in the coming days.
