No apology, but Snapchat responds to leak of 4.6 million users’ phone numbers

Graham Cluley

Snapchat has now responded to the leak of 4.6 million usernames and phone numbers, after it failed to adequately prevent hackers from abusing its private API.


Here’s the timeline of what’s been happening up until now:

August 2013: Researchers at security group Gibson Research tell Snapchat that they have found weaknesses in the photo-sharing service that could be exploited through its API.


December 24 2013: Frustrated by a lack of response from Snapchat (Gibson Security claimed the problem could be fixed easily – “if they can’t rewrite ten lines of code in that time they should fire their development team”), the researchers published the Snapchat API and detailed how it could be exploited to scoop up users’ details.

December 27 2013: Snapchat dismisses the weakness as “theoretical”.

New Year 2014: Hackers put “theory” into practice, making available a database of 4.6 million Snapchat usernames and partially redacted phone numbers.

The publishing of that database on the internet became huge news, and a PR headache for Snapchat. The firm has now responded – saying it will release an updated version of the app which will allow users to opt out of appearing in the “Find Friends” feature, which leaked phone numbers in the first place.

In addition, Snapchat says it will further improve “rate limiting and other restrictions” to address future abuse of its API. By George, let’s hope they get it right this time.

Finally, Snapchat has announced it has created a specific email address for security researchers to report flaws and concerns in future: [email protected].

In conclusion Snapchat says:

The Snapchat community is a place where friends feel comfortable expressing themselves and we’re dedicated to preventing abuse.

What a shame the firm didn’t feel comfortable expressing an apology to the 4.6 million Snapchat users who have already had their privacy exposed by this incident.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “No apology, but Snapchat responds to leak of 4.6 million users’ phone numbers”

  1. Havenswift Hosting

    Amazing stupidity for ignoring the reports in the first place and then complete arrogance in their approach to the aftermath. You would hope that some senior people paid the price for the initial mess but judging by their response that is unlikely!

  2. Another in a depressingly long line of new tech companies that prefer the denial, head-in-sand, make it a huge story approach rather than fess up quick, fix it fast, no story approach.
