
Snapchat Talks Breach, Updates App


As you’re probably aware, Snapchat was the target of a massive security breach that compromised 4.6 million usernames and phone numbers. The company has since responded to the problem both with an interview for the Today show and a blog post announcing an update to the app.

CEO Evan Spiegel spoke about the breach with Carson Daly:


“We call it abuse of the ‘find friends’ service…you know, a tool we developed to help snapchatters find their friends was used by someone to find the usernames of people who weren’t their friends,” he said. “This person had 4.6 million friends in their address book, and they were able to match those phone numbers to user names, and then release that list.”

“All technology businesses in general are susceptible to hacking, and that’s why you have to work really really hard with law enforcement, with security experts, you know, internal and external groups to make sure you’re paying attention and addressing security concerns,” he told Daly.

As discussed in the aforementioned blog post, Snapchat had been warned that the service was vulnerable days before the breach. The company wrote:

A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.

We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.

“I believe at the time we thought we had done enough, but I think in a business like this – in a business that’s moving so quickly – if you spend your time looking backward, you’re just gonna kill yourself,” Spiegel said on the Today show.

Snapchat has released an update to its app so that users can opt out of appearing in the Find Friends feature after they’ve verified their number. The company says it’s also improving the rate limiting and other restrictions to address future attempts at abuse.

Finally, they’re urging security experts who find issues to email them at security@snapchat.com.

Image: Snapchat (Google Play)

  • http://cass-hacks.com Craig Schultz

    “On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.”

    D’Oh! [facepalm]

    When will developers learn that “security through obscurity” is NO security at all?

    It doesn’t take a rocket scientist to reverse engineer one’s HTTP API.

    Maybe Snapchat should have hired coders with experience instead of young whizkids whose only exposure to programming languages in college was Java.
