
After Leak, Snapchat Promises to Fix Bug Via App Update

Chloe Albanesius, Executive Editor, News


Snapchat on Thursday acknowledged a recent leak of 4.6 million usernames and phone numbers, and said an updated version of the app will let users opt out of participating in the compromised feature.

The company stopped short of apologizing for the leak, and seemed to blame Gibson Security for "publicly document[ing] our API, making it easier for individuals to abuse our service and violate our Terms of Use."

At issue is Snapchat's Find Friends feature, which lets Snapchatters enter their phone number so friends can find their username. "This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username," according to Snapchat.

In August, Gibson Security published a report about vulnerabilities within Find Friends. The firm said it tried but "failed" to contact Snapchat about these problems prior to the report's publication.

"The only contact we've received from Snapchat was one email from Micah Schaffer (Snapchat's Director of Operations) on 28/12/2013," Gibson said on its website.

Snapchat neither confirmed nor denied this assertion in its Thursday blog post, but urged security experts to contact the company via security@snapchat.com with any future bugs.

Gibson's latest showdown with Snapchat came last month when it revealed several vulnerabilities within the Snapchat app. One of those bugs could allow "someone to easily create a database of the usernames and phone numbers of users of the Snapchat application, in a small timeframe, using phone numbers automatically provided to the app."

Over New Year's, a website, SnapchatDB.info, emerged with the usernames and censored phone numbers of 4.6 million Snapchat users. The information "was acquired through the recently patched Snapchat exploit," the hackers said. The site has since been pulled offline, and Gibson denied any involvement.

"We don't know SnapchatDB, nor do we condone their breach and release," Gibson said. "For the record we have never communicated with them, nor have we tried."

"Whilst we don't condone the breach, we feel that this event should be taken as a wake up call by Snapchat, hopefully leading to their taking of security considerably more seriously from now on," Gibson concluded.

Snapchat said this week that it will release "an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number."

"We're also improving rate limiting and other restrictions to address future attempts to abuse our service," the company said.

Gibson has a tool on its website, where you can enter your username to see if your information was part of the leak.
