Snapchat tweaks security after massive hack
(CNN) — Snapchat will add new privacy features after a hack last week that exposed millions of phone numbers and user names from the popular photo- and video-sharing app.
The company said in a blog post it will be updating the app to allow users to opt out of a “Find Friends” feature that uses their mobile phone number. They’ll also be adding internal restrictions that will make it more difficult to employ the method hackers say they used to expose 4.6 million accounts.
“The Snapchat community is a place where friends feel comfortable expressing themselves and we’re dedicated to preventing abuse,” Snapchat said in the post, which did not include an apology to its users.
On Tuesday, hackers posted user names and phone numbers, with the final two numbers redacted, to a website called SnapchatDB.info. The site had been suspended by its Web host but, by Friday, appeared to be back online with phone numbers and user names both partially disguised.
The site made the data available for download and offered, by request, to consider releasing unredacted info, which matched the user names with the phone numbers associated with them.
The hack appears to have been an effort to push Snapchat into improving its privacy protections.
“Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed,” the hackers said in a statement released to news outlets. “It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does.”
Last week, Gibson Security — a group of “white hat” hackers, meaning they don’t exploit the security gaps they find — published what they said was code that would enable such a hack. The SnapchatDB group said Snapchat implemented “very minor obstacles” after that.
In the blog post, Snapchat said it had added security measures after Gibson suggested in August that such a hack was possible, but that the group’s Christmas Eve post had more details that made Snapchat’s system easier to exploit.
Sources told Business Insider last month that Snapchat has about 30 million monthly active users and more than 16 million daily users.