Selfie sharing app Snapchat will update its software in the wake of a hacking attack that exposed more than four million usernames and phone numbers.
The website was attacked last week, and breached through a vulnerability that had been discussed by a security company but dismissed by the firm.
Since that first dismissal and the announcement of the security breach the firm has taken the matter more seriously and is now in the process of updating its application to be more secure and less open to exploitation.
“We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks,” it said.
“We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.”
The firm does not seem to be particularly happy with Gibson Security, the outfit that blogged in detail about its vulnerabilities. In its blog it suggests that none of this would have happened without the disclosure.
“A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns,” it added.
“On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.”
Snapchat recently baffled analysts by turning down a $3 billion buyout offer from Facebook, banking on bigger offers to come. The big question is how ads will come into play as they move to capitalize on their userbase and generate revenue.
This article was originally published on the Inquirer.