Feeds

Slurped self-destruct selfie slinger Snapchat so sore, suddenly says sorry

Finally touts update for security hole that didn't hang around for just 10 seconds

Security for virtualized datacentres

The brains behind self-destructing selfies app Snapchat have apologized, and claimed to have now tackled security vulnerabilities that exposed millions of people's phone numbers.

The startup has released an update for its iOS and Android applications that allows users to opt out of appearing in the find-a-friend search feature, which lets people add pals to their Snapchat contacts book using their cellphone numbers.

This service was abused by whistleblowers who used software to harvest the usernames and numbers of 4.6 million people; a partially redacted copy of the data was dumped online as proof that the system was flawed by design. The apps are primarily used by flirty youngsters to send compromising photos of each other, the pics appearing for just a few seconds on the recipient's screen (unless they've learned how to take a screenshot or use a camera).

As well as providing an opt-out switch today, Snapchat has a new mechanism for thwarting automated mass-slurping of account information: you must be logged in, and your cell number verified (presumably by text message), before you can use the "Find Friends" search. Access to this feature is also rate limited – which forces attackers to create a large batch of accounts all tied to real phone numbers in order to reap Snapchat's database again.

"Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API," the outfit said in a blog post announcing the update.

"We are sorry for any problems this issue may have caused you and we really appreciate your patience and support."

That apology is the first from Team Snapchat on the matter. It was earlier criticized for being unapologetic and dismissive after researchers privately and then publicly warned of the security flaws. Only after the 4.6 million-row database was partially published online did the selfie-sharing crew confirm that a fix was in the works. ®

Internet Security Threat Report 2014

More from The Register

next story
ONE MILLION people already running Windows 10
A third of them are doing it in VMs, but early feedback focuses on frippery
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Sign off my IT project or I’ll PHONE your MUM
Honestly, it’s a piece of piss
Sway: Microsoft's new Office app doesn't have an Undo function
Content aggregation, meet the workplace ... oh
Do Moan! MONSTER 6-day EMAIL OUTAGE hits Domain Monster
Customers freaked out by frightful service
Ploppr: The #VultureTRENDING App of the Now
This organic crowd sourced viro- social fertiliser just got REAL
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
NetWare sales revive in China thanks to that man Snowden
If it ain't Microsoft, it's in fashion behind the Great Firewall
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.