Snapchat has finally apologised for a security hole that saw millions of user records leaked online, and has issued a fix.
Hackers posted 4.6 million phone numbers online after exploiting the hole in the messaging app, which Snapchat admitted it had known about for months.
The company said it had issued an update for its Android and iOS apps that would help fix the problem.
“Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API,” the company said. “We are sorry for any problems this issue may have caused you and we really appreciate your patience and support.”
The update means users can opt out of linking their phone numbers with their usernames.
Earlier warning
The problem first came to light in August, after security company Gibson Security found a flaw with Snapchat’s “Find Friends” function.
The company said it was “ridiculously easy” to mine the feature to scoop up phone numbers en masse, and warned Snapchat of the security hole.
Though Snapchat apparently patched the flaw, Gibson posted an update in December demonstrating it was still possible to exploit. The company published the exploit code on Christmas Eve – and the hackers carried out the hack only four days later and disclosed the records online.
Gibson told PC Pro last week that publishing the code had been a responsible move, given Snapchat had ignored its earlier warnings.
Though the hacking group’s site was briefly suspended, the phone numbers remain available to download. The group behind the hack, Snapchat DB, said last week it had disclosed the records to teach Snapchat a lesson and suggested there were no plans to take the information offline.
“Our website is back online because many service providers volunteered
and told us that they would be more than happy to host our website,” a spokesperson for the group told PC Pro in an emailed statement. “Our previous hosting account was suspended because the provider was overwhelmed by the public interest and got a little intimidated.”
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
