Snapchat apologizes for API security flaw, issues app update
Thursday, January 9, 2014 @ 2:08pm
| Snapchat has apologized for a server intrusion that led to the leaking of usernames and phone numbers of approximately of 4.6 million users. At the same time, the service has updated its Android and iOS apps to allow users to opt out of linking their phone number from their user name, as well as requiring new users to verify their phone number before using the Find Friends function of the app.
Though the service has previously acknowledged the intrusion, as well as vulnerability warnings posted by a security group on Christmas Eve, this is the first time Snapchat has apologized over the security lapse. "Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API," states the company blog, continuing "We are sorry for any problems this issue may have caused you and we really appreciate your patience and support."
The hack, performed by a group using the website SnapchatDB.info, allowed programmers to use Snapchat's API to find out a considerable amount of data, such as linking phone numbers with user names, display names, and account privacy settings. The group published the combinations of usernames and phone numbers, censoring the last few digits of each in order to minimize spam to affected users.
"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed," said the group responsible for the hack, advising that tech startups must make security and privacy a primary goal.