The video sharing site Snapchat has said it will release a new version of its app after a leak of users’ identifications and phone numbers over the New Year period.
The video sharing site Snapchat has said it will release a new version of its app after a leak of users’ identifications and phone numbers over the New Year period.
The app, according to a statement on the network’s web site, would allow users to opt out of appearing in the Find Friends feature, after their number had been registered. The update had been made after the leak of data of 4.6 million users, according to a report from the BBC.
Public awareness or exposure?
Users of the Find Friends feature, according to a blog post of 27 December, could be matched by matching phone numbers and usernames, though the site has said various safeguards were implemented to prevent that. “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way,” a blog post on Snapchat’s web site read. “Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
Snapchat added that no other information, including any Snaps, had been compromised beyond the leak. The issue had been noted in a report from the internet security firm Gibson Security, issued on Christmas Day, the BBC report added.
In a statement to the American technology news web site Techcrunch, the site behind the leak, SnapchatDB.info, said they wanted to raise awareness about the security issues. “It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal,” the site said in their statement. “Security matters as much as user experience does. Snapchat could have easily avoided that disclosure by replying to Gibsonsec’s private communications, yet they didn’t. Even long after that disclosure, Snapchat was reluctant to taking the necessary steps to secure user data.”
‘Dedicated to preventing abuse’
The site said in its statement that the last two digits of phone numbers stored were censored, however the data could be released unfiltered, the Techcrunch report adds.
The Find Friends feature allows a user to upload contact information to address books so accounts that match the phone numbers in the address book can be displayed for the users, according to Snapchat’s blog post.
Additional updates to the app would include the limit of API rate limiting, as well as other restrictions, the blog post added. Snapchat had also encouraged security experts to get in touch if other flaws that could cause abuse were located.
Snapchat added in its post that it was dedicated to ensuring users were safe in using the service. “The Snapchat community is a place where friends feel comfortable expressing themselves and we’re dedicated to preventing abuse,” the post read.
In an interview with the American broadcast network NBC, the service’s chief executive, Evan Spiegel, said technology businesses had been susceptible to hacking, and that it was crucial to work with law enforcement officials, security experts and other parties to ensure the concerns were addressed.
What do you think of the hack of Snapchat? Would you still use the service? Have your say in the comments section below.
Image: Ryan Nagelmann / Flickr
