Friday, January 03, 2014

Snapchat answers the hackers


Recovering from a bad start to 2014, Snapchat has responded to the hackers who leaked 4.6 million usernames and phone numbers on the website SnapchatDB.info, which is now back online after a suspension of just one day.


Snapchat has risen beyond expectations in a span of just 3 years and was doing well before it took a huge blow from hackers. The app is giving tough competition to Facebook’s Instagram, which reportedly tried to acquire the company for $4 billion.


The company responded to the hackers through a blog post, which also confirmed that no users' images or videos were leaked in the breach. The company also announced the rollout of an updated version in which users will be allowed to opt out of the Find Friends feature that was exploited to extract data during the attack. However, no date has yet been finalised for the launch of the update.


The company’s blog post read,


“When we first built Snapchat, we had a difficult time finding other friends that were using the service. We wanted a way to find friends in our address book that were also using Snapchat — so we created Find Friends. Find Friends is an optional service that asks Snapchatters to enter their phone number so that their friends can find their username. This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username.


A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.


We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Year's Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.


We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.


We want to make sure that security experts can get ahold of us when they discover new ways to abuse our service so that we can respond quickly to address those concerns. The best way to let us know about security vulnerabilities is by emailing us: security@snapchat.com.


The Snapchat community is a place where friends feel comfortable expressing themselves and we’re dedicated to preventing abuse.”


Such a massive leak of information could have cost the app a fortune. Snapchat is taking all precautions to prevent such incidents in the future. 2014 is not proving to be a very good year for the social media domain; users and websites need to be more careful, or something even worse could turn up.






via SocialAppsHQ Blog http://www.socialappshq.com/blog/2014/01/03/snapchat-answers-the-hackers/
