Snapchat app update to address security concerns

By Jon Robinson


Snapchat finally addressed the breach of 4.6 million usernames and phone numbers from its service, writing a blog post that promises an update to the app that will enable users to opt out of the Find Friends functionality that led to all of the chaos.

The post also promises that the update will improve rate limiting and other restrictions to prevent future abuse.

From the post:

“When we first built Snapchat, we had a difficult time finding other friends that were using the service. We wanted a way to find friends in our address book that were also using Snapchat – so we created Find Friends. Find Friends is an optional service that asks Snapchatters to enter their phone number so that their friends can find their username. This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username.

“A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.

“We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Year's Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.”

Snapchat urges security experts to contact them immediately at, if/when future vulnerabilities to the service are detected.