Snapchat is experiencing a security nightmare: a group called SnapchatDB has released a collection of user phone numbers, with the last two digits blocked out, that it obtained by exploiting a flaw in Snapchat's security code. Now the company has responded to the controversy.
"A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use," read a statement on Snapchat's Blog. "We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Year's Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks."
Snapchat went on to say that it would release an update to the application that will allow users to opt out of appearing in the Find Friends section after they have verified their phone number. The company then told security researchers the best way to contact it if they find any more holes in its security.
What the statement does not include is an apology to those affected by the attack, which many argue could have been prevented had Snapchat acted on the problem when it was first brought to the company's attention weeks ago. So far there's no word on why that happened.
"We're not the first people to reverse engineer some of Snapchat's protocol, we just created the most extensive documentation," wrote Gibson Group, the people who were among the first to warn Snapchat of its code flaws, in a response. "Several people before us did some research and at no point were they met with this level of impoliteness. In fact, we think that you abused the trust of your user base by failing to respond to this situation with a swift response, we are yet to hear of what the users/people included in the leak have to do now, and at no point did I see an apology to the user base."
If you want to see whether your information has been compromised in this cyber attack on Snapchat, you can test it out HERE.