Snapchat responds to user data leak, planning app update to alleviate potential security issues

January 2, 2014
23 80 6

snapchat

A week ago the Gibson Security research team published details about two major security flaws in Snapchat, one of which could potentially allow hackers to mass collect phone numbers from Snapchat users. Just yesterday it came to light that a group of hackers calling themselves SnapchatDB had followed the ‘instructions’ posted by the security team and had subsequently managed to leak 4.6 million partially redacted phone numbers, all in a move designed to bring attention to unfixed Snapchat’s security issues.

So what exactly made this ‘hack’ possible? Basically the exploit took advantage of Snapchat’s “Find Friends” feature. The feature is designed to make it possible to find friends via a phone number, but hackers can also use this to their advantage. SnapchatDB was able to upload a bunch of random numbers to see if any of them matched Snapchat accounts, creating a list of numbers that could then theoretically be sold to third parties for spamming and other purposes.

Using the exploit, SnapchatDB was able to upload a bunch of random numbers to see if any of them matched Snapchat accounts.

As you can imagine, this has created a lot of concern about the security of Snapchat in general. Sure these particular hackers didn’t sell the numbers or anything, but next time things could be different.

On the bright side, Snapchat has since responded and says they are preparing an updated version of Snapchat that will allow users to opt out of appearing in Find Friends. They will also be “improving rate limiting and other restrictions to address future attempts to abuse our service.”

Interestingly enough, Snapchat has never directly apologized for the issue in the first place, though they have made it clear that information about any future security issues should be promptly sent to “Security@snapchat.com”.

What do you think of the whole number leaking debacle? Does this leak negatively affect your opinion of Snapchat, or do you think the media is making a bigger deal out of this then they should? Let us know what you think in the comments.

Comments

  • MasterMuffin

    I think it’s good that people know about this, and I hope that they make it clear for all users that there is that setting in there (once they update it) instead of just hiding it somewhere deep in the settings and being like “we did what you asked for, now it’s up for the average user to actually accidentally find this setting”!

  • icyrock1

    They’re had this leak for over 2 months. How could this not make you see them negatively.

  • Arturo Raygoza

    Facebook failed at buying them out so now someone wants to destroy them

  • Nicholas Punk Rock Pooley

    My number was leaked. I promptly deleted my snapchat account and will never use it again. I also convinced several of my friends to do the same. I hope they get sued and die a fiery death.

    • Dario · 753 a.C. .

      where are you from? i’m from Rome and here snapchat is not so much used… only few people has it.

      instead, i’ve a friend of mine from america and she uses snapchat a lot..

  • tz

    test