Photo messsaging service Snapchat hopes that an updated version of its popular app will put it on the path towards rebuidling customer trust after the data of 4.6 million of its users ended up online.
Late last week Snapchat published a blog post saying it would release an updated version of its popular app in order to remediate now heavily publicised issues with its Find Friends service, which lets users find other members using a phone number lookup method.
“We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames,” the post said.
“On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.”
The photo messaging service said that the updated app will allow users to “opt out of appearing in Find Friends after they have verified their phone number.” To prevent future abuse of its service, Snapchat is also improving other app restrictions.
Ironically enough, Gibson Security – the security group that warned Snapchat of the vulnerability in its application programming interface (API) and disclosed the issue after Snapchat appeared sluggish to respond – has erected a page for users to find out if they were impacted by the leak.
Over the weekend, 23 year-old Snapchat CEO Evan Speigel spoke to US news station NBC in response to criticism that his company had been complacent about data security.
"I believe that at the time we thought we had done enough," he said. "In business like this that is moving so quickly if you keep looking backwards you're just going to [drive yourself into the ground]".
The group that exploited the Snapchat vulnerability to access and post users' data online, has yet to be identified.
Snapchat now directs researchers to disclose security vulnerabilities to the service by emailing firstname.lastname@example.org.