Snapchat is preparing a security fix after a group calling itself SnapchatDB leaked the phone numbers of 4.6 million Snapchat users, a release meant to raise awareness about the app's security issues.
According to the company, the massive leak resulted from a compromise of Snapchat’s Find Friends feature, which allows users to locate their friends on Snapchat using phone numbers.
An exploit in the Find Friends feature caused the leak of 4.6 million partially redacted phone numbers
…it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Year's Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.
Snapchat says it “will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number” and that it’s “also improving rate limiting and other restrictions to address future attempts to abuse our service.”
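As an added illustration (not Snapchat's code), the sketch below models the two mitigations described above: a per-account budget on how many phone numbers can be checked through a contact lookup in a time window, and an opt-out list that hides users from results. The class name, limits, and sample directory are assumptions constructed for this example.

```python
from collections import defaultdict, deque

# Constructed sample data: fictional 555 numbers and usernames.
DIRECTORY = {"+15550100": "alice", "+15550101": "bob", "+15550102": "carol"}
OPTED_OUT = {"bob"}  # users who chose not to appear in contact lookups


class FindFriendsGuard:
    """Hypothetical lookup wrapper: budgets numbers checked, honors opt-outs."""

    def __init__(self, directory, opted_out, max_numbers=100, window_s=3600):
        self.directory = directory          # phone number -> username
        self.opted_out = opted_out          # usernames hidden from lookups
        self.max_numbers = max_numbers      # numbers allowed per window
        self.window_s = window_s            # window length in seconds
        self.history = defaultdict(deque)   # account -> (timestamp, count)
        self.used = defaultdict(int)        # account -> numbers spent in window

    def _expire(self, account, now):
        # Return budget for lookups that have aged out of the window.
        q = self.history[account]
        while q and q[0][0] <= now - self.window_s:
            self.used[account] -= q.popleft()[1]

    def lookup(self, account, numbers, now):
        """Return (matches, rejected_count) for one contact upload."""
        self._expire(account, now)
        unique = list(dict.fromkeys(numbers))   # duplicates cost nothing extra
        remaining = max(self.max_numbers - self.used[account], 0)
        allowed = unique[:remaining]            # budget counts numbers, not requests
        if allowed:
            self.history[account].append((now, len(allowed)))
            self.used[account] += len(allowed)
        matches = {n: self.directory[n] for n in allowed
                   if n in self.directory
                   and self.directory[n] not in self.opted_out}
        return matches, len(unique) - len(allowed)


def demo():
    guard = FindFriendsGuard(DIRECTORY, OPTED_OUT, max_numbers=5, window_s=60)
    # An ordinary address-book sync: two contacts, one of whom opted out.
    normal, _ = guard.lookup("acct-1", ["+15550100", "+15550101"], now=0)
    # A bulk upload of 20 numbers from one account: only 5 are evaluated.
    bulk = [f"+1555{n:04d}" for n in range(100, 120)]
    found, rejected = guard.lookup("acct-2", bulk, now=0)
    # A retry inside the same window gets nothing further.
    _, rejected_later = guard.lookup("acct-2", bulk[5:], now=30)
    return normal, found, rejected, rejected_later
```

Because the budget is charged per phone number rather than per request, batching many numbers into a single upload does not bypass it.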
Nothing was leaked beyond phone numbers and usernames
It’s important to stress that no messages or other data beyond usernames and phone numbers were leaked. Snapchat continually downplayed security risks it had heard about for months, but has since appeared to take a more aggressive approach to fixing these issues. In fact, the company even has an email address that white-hat hackers can use to notify it of potential exploits: [email protected].
After Snapchat’s leak and the hijacking of Skype’s social networks, it’s been a pretty shaky start to the new year for some calling and messaging apps. Here’s hoping it’s not setting the tone for the rest of the year.