After several days of awkward silence surrounding data security concerns, social-sharing service Snapchat has responded to allegations of hacking Thursday on the company's blog — promising an update to make its mobile application more secure by allowing users to opt out of providing phone numbers as a way for others to easily locate user names through the app.
The response entitled "Find Friends Abuse", came after hackers identifying themselves as SnapchatDB leaked some 4.6 million Snapchat usernames and phone numbers online on New Years Eve — a breach made possible by vulnerabilities in the service's security.
“We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number,” the company said in a blog post. “We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.”
The company took aim at the anonymous group of hackers by referring to these self-appointed watchmen as “attackers” in their statement.
“We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames.” the company said.
Snapchat also announced a way for security firms to report any future vulnerability concerns by emailing firstname.lastname@example.org directly so the company can respond more quickly while making it clear in their statement that “no other information, including Snaps, was leaked or accessed.”
“Ensure that your security settings are up to scratch on your social media profiles,” Gibson Security told the AP. “Be careful about what data you give away to sites when you sign up — if you don't think a service requires your phone number, don't give it to them.”
To find out if your username was included in the shared list you can use this website created by developer Robbie Trencheny to confirm if your information has been compromised. The site also offers advice on what to do next if you find your data has been compromised.