Snapchat has announced it will be offering a security fix in the wake of millions of usernames and phone numbers of account holders being leaked online.
On Wednesday a site called SnapchatDB.info released 4.6 million partially redacted phone numbers together with their corresponding Snapchat usernames in an apparent effort to force the messaging app to improve its security.
"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed," SnapchatDB told TechCrunch.
"It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does."
The update to Snapchat will allow users to opt out of the Find Friends feature, which was the source of the data leak.
Snapchat had previously been made aware of the security flaw by Gibson Security, but claimed in a blogpost last week that it had fixed the problem.
"Over the past year we've implemented various safeguards to make it more difficult to do," read the blogpost. "We recently added additional counter-measures and continue to make improvements to combat spam and abuse."
However, whatever safeguards had been put in place were evidently not enough to prevent SnapchatDB from pulling off the stunt.
Rik Ferguson, vice president of security research at Trend Micro, believes that in the future such vulnerabilities will be exploited by criminals rather than just demonstrated in simple proofs-of-concept.
"These two areas, vulnerabilities in mobile apps and vulnerabilities in APIs, are areas still largely under explored by criminals but we fully expect to see malicious exploits, rather than simple proofs-of-concept ramping up over the coming years," Ferguson said in a blogpost.
"We, as users, store ever more data; data often belonging to other people, on our mobile devices and app developers are very interested in getting hold of that data, as are criminals."