Snapchat improves app security after user account leak

After the usernames and mobile numbers of 4.6 million users found their way onto the Web this week, Snapchat has taken steps to plug some of the security gaps in its photo-sharing app. In a blog post that seems short on contrition, the development team promises that an update is on the way to prevent this sort of large-scale data harvesting in the future.

At the center of the security storm is the Find Friends feature that enables your friends to add you on Snapchat via your phone number. With a little bit of hacking, an unscrupulous individual can ping Snapchat’s databases to match names to numbers, and this is exactly what has happened.

Snapchat’s official blog post starts off with a defence of the Find Friends feature before firing a shot across the bows of Gibson Security, who first brought this Snapchat vulnerability to the public’s attention: “A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.”

“On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks,” continues the statement. “We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.”

So there you have it — you can pull your number out of the Find Friends database once you’ve used it to build up your Snapchat contacts, and the developers will also make it tougher to harvest several million names next time around. According to security firm AdaptiveMobile, users in California and New York were the worst hit by the data breach, with Colorado, Illinois and Florida also heavily targeted.

At the time of writing the Snapchat app update hasn’t yet arrived, but it shouldn’t take long to appear in your app store of choice.

David Nield
Dave is a freelance journalist from Manchester in the north-west of England. He's been writing about technology since the…