Snapchat urges security experts to inform of weaknesses rather than expose them | Social Media | Mobile Entertainment


Phil Tottman


Social / January 3rd 2014 at 11:12AM

Update on its way to better protect users' information.

Snapchat has suggested that the attack - which leaked the info of 4.6 million users - was sparked by the Australian security company that reported on the weakness and then proceeded to publicly document Snapchat’s API, making it easier for individuals to abuse the service and violate its terms of use.

Passing the buck much?

In its defense, it did say that if any new ways to abuse the services are discovered, it would prefer experts to contact it directly, as opposed to exposing them publicly.

The Find Friends feature of the app - the target of the attack - was created so users could find others on their contact list using their phone number.

This means that anyone with your number could find your username, leaving the Find Friends tool open to abuse.

While the blog post acknowledged that the attack happened, the company had also previously acknowledged that an attack was possible.

“We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames.”

If this is something that the company was aware of, it raises the question of why it didn’t act on it before.

It did, however, mention that an update is well on its way that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their number.

It also pointed out that no other information, including snaps, was leaked in this attack.

Users have spoken up about their disappointment at an apparent lack of apology in this blog post.

One user said: “$10 to whoever shows me where the apology is in this. Still looking.”