
Snapchat improves app security after user account leak

After the usernames and mobile numbers of 4.6 million users found their way onto the Web this week, Snapchat has taken steps to plug some of the security gaps in its photo sharing app. In a blog post that seems short on contrition, the development team promises that an update is on the way to prevent this sort of large-scale data harvesting in the future.

At the center of the security storm is the Find Friends feature that enables your friends to add you on Snapchat via your phone number. With a little bit of hacking, an unscrupulous individual can ping Snapchat’s databases to match names to numbers, and this is exactly what has happened.


Snapchat’s official blog post starts off with a defence of the Find Friends feature before firing a shot across the bows of Gibson Security, who first brought this Snapchat vulnerability to the public’s attention: “A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.”

“On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks,” continues the statement. “We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.”

So there you have it — you can pull your number out of the Find Friends database once you’ve used it to build up your Snapchat contacts, and the developers will also make it tougher to harvest several million names next time around. According to security firm AdaptiveMobile, users in California and New York were the worst hit by the data breach, with Colorado, Illinois and Florida also heavily targeted.

At the time of writing the Snapchat app update hasn’t yet arrived, but it shouldn’t take long to appear in your app store of choice.

David Nield
Former Contributor
Dave is a freelance journalist from Manchester in the north-west of England. He's been writing about technology since the…