Snapchat a social networking app popular for sharing photos with friends that self-destruct after a few seconds has had a security breach. The servers of Snapchat were hacked that has resulted in usernames and mobile numbers of over 4.6 million users being exposed and possibly available on the internet.
According to reports, Gibson Security on August 27, 2013 had pointed out flaws in Snapchat’s “Find Friends” feature. The exploits were recently made public and as a result hackers were able to access information from Snapchat servers.
Find Friends is an optional service that asks Snapchatters to enter their phone number so that their friends can find their username. This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username.
Snapchat has posted a blog post acknowledging the security breach and explained how the hackers got the information:
… it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.
This security breach is clearly a result of Snapchat not working quick enough to patch the security holes in time. The flaws had been exposed 4 months ago however, the company failed to take action which has now resulted in 4.6 million unhappy users.
The developers are now working on an updated version of the app that will allow users to opt-out of Find Friends feature and will be “improving rate limiting and other restrictions” to avoid such attacks.
Snapchat was recently approached by Facebook for acquisition for about $3 billion however, the company refused the offer. The social networking app to share photos and short video clips is popular among teenagers. Sharing photos without leaving any tracks behind has proved to a successful strategy behind Snapchat’s user base.
Gibson Security has put up a website “GS Lookup – Snapchat” to allow users to check if their details were stolen by entering their username on the website. The site notes that only specific areas of America were included. It also suggests some steps you could take in case your details were stolen.
This is not the first time such a security breach has happened in a social networking application. Recently even Skype was targeted by hackers during the holiday season.