Snapchat Finally Plugs Security Hole

Nothing big, ya know.

Just that massive canyon of a vulnerability first discovered in August by Gibson Security, which allowed hackers to slip in completely unnoticed and walk out the backdoor of the photo app Snapchat with nearly 4.6 million usernames and phone numbers before their security team even know what hit them.

In December, we reported that the Snapchat API was potentially vulnerable to what’s known as a “brute-force” attack, wherein hackers overload the local server containing your information and attempt to crack in while the network is under more strain than its built to handle.

The rapidly rising popularity of the app is the main draw for all this controversy, as many of us were just getting comfortable with the idea of temporary picture messaging before we found out all the information we sent through the app might have been put at risk.

The Register

Snapchat spent months scoffing in the face of Gibson, claiming their API was perfectly safe and that no one could gain the kind of access that researchers at the firm were talking about. All it took was about 5 million accounts to go missing for them to finally perk up and start listening.

The fix enables users to choose whether or not they want to be a part of the Find Friends feature, which allows anyone with access to the search bar to look you up as long as you’re somewhere in their address book.

Snapchat elaborated on their reasoning for not including the choice to opt-out from the start.

“When we first built Snapchat, we had a difficult time finding other friends that were using the service. We wanted a way to find friends in our address book that were also using Snapchat – so we created Find Friends.”

Along with the Find Friends fix, Snapchat has also reported they were able to strengthen their servers at home base and better prepare themselves for any more brute force attacks that might be pointed their way in the future.