Feeds

Slurped self-destruct selfie slinger Snapchat so sore, suddenly says sorry

Finally touts update for security hole that didn't hang around for just 10 seconds

Application security programs and practises

The brains behind self-destructing selfies app Snapchat have apologized, and claimed to have now tackled security vulnerabilities that exposed millions of people's phone numbers.

The startup has released an update for its iOS and Android applications that allows users to opt out of appearing in the find-a-friend search feature, which lets people add pals to their Snapchat contacts book using their cellphone numbers.

This service was abused by whistleblowers who used software to harvest the usernames and numbers of 4.6 million people; a partially redacted copy of the data was dumped online as proof that the system was flawed by design. The apps are primarily used by flirty youngsters to send compromising photos of each other, the pics appearing for just a few seconds on the recipient's screen (unless they've learned how to take a screenshot or use a camera).

As well as providing an opt-out switch today, Snapchat has a new mechanism for thwarting automated mass-slurping of account information: you must be logged in, and your cell number verified (presumably by text message), before you can use the "Find Friends" search. Access to this feature is also rate limited – which forces attackers to create a large batch of accounts all tied to real phone numbers in order to reap Snapchat's database again.

"Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API," the outfit said in a blog post announcing the update.

"We are sorry for any problems this issue may have caused you and we really appreciate your patience and support."

That apology is the first from Team Snapchat on the matter. It was earlier criticized for being unapologetic and dismissive after researchers privately and then publicly warned of the security flaws. Only after the 4.6 million-row database was partially published online did the selfie-sharing crew confirm that a fix was in the works. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Whoah! How many Google Play apps want to read your texts?
Google's app permissions far too lax – security firm survey
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.