Snapchat promises new app to fix privacy exploit

Jan 2, 2014
1
Snapchat promises new app to fix privacy exploit

Snapchat has finally responded to the ongoing hack controversy that saw usernames and matching phone numbers of over four million users leaked in recent days, promising an updated version of the app to address privacy concerns. The new Snapchat will allow users to opt out of appearing in the "Find Friends" feature which worked as the gateway to the exploit, Snapchat said today, with other protections like rate limiting for how many numbers can be compared with accounts also improved.

Snapchat users, once they register, will still be required to verify their cellphone number. However, Snapchat will now allow them to remove their contact details from the Find Friends database, which is used to help new users find existing friends already using the service.

The development team behind the app had already implemented what are described as "rate limiting and other restrictions" though not before a group of hackers used the API exploit to pull out a huge number of registered user details. However, Snapchat is eager to point out, no actual photos have been leaked.

Nonetheless, the reaction to the hack has not been positive. Almost equal criticism has been paid to how Snapchat reacted to originally being told about the possible loophole in its security; according to the Australian researchers responsible, that disclosure happened all the way back in August 2013, but Snapchat failed to react and patch the problem until it was made public in late December.

Snapchat, however, has a different recollection of how things went, with the company saying today that it began implementing rate limiting and other systems "shortly thereafter" the August revelations.

Still, even with those in place, it seemingly proved insufficient to fully protect user-data. Snapchat has now publicized its security contact details, so that future issues can be more readily addressed, but its been left to third-party services like LastPass to offer tools that allow users of the app to check whether their details were compromised.


Must Read Bits & Bytes