Snapchat Talks Breach, Updates AppBy: Chris Crum - January 3, 2014
As you’re probably aware, Snapchat was the target of a massive security breach that compromised 4.6 million usernames and phone numbers. The company has since responded to the problem both with an interview for the Today show and a blog post announcing an update to the app.
CEO Evan Spiegel spoke about the breach with Carson Daly:
“We call it abuse of the ‘find friends’ service…you know, a tool we developed to help snapchatters find their friends was used by someone to find the usernames of people who weren’t their friends,” he said. “This person had 4.6 million friends in their address book, and they were able to match those phone numbers to user names, and then release that list.”
“All technology businesses in general are susceptible to hacking, and that’s why you have to work really really hard with law enforcement, with security experts, you know, internal and external groups to make sure you’re paying attention and addressing security concerns,” he told Daly.
As discussed in the aforementioned blog post, Snapchat had been warned that service was vulnerable days before the breach. The company wrote:
We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.
“I believe at the time we thought we had done enough, but I think in a business like this – in a business that’s moving so quickly – if you spend your time looking backward, you’re just gonna kill yourself,” Spiegel said on the Today show.
Snapchat has released an update to its app so that users can opt out of appearing in the Find Friends feature after they’ve verified their number. The company says it’s also improving the rate limiting and other restrictions to address future attempts at abuse.
Finally, they’re urging security experts who find issues to email them at firstname.lastname@example.org.
Image: Snapchat (Google Play)