Feeds

Slurped self-destruct selfie slinger Snapchat so sore, suddenly says sorry

Finally touts update for security hole that didn't hang around for just 10 seconds

Remote control for virtualized desktops

The brains behind self-destructing selfies app Snapchat have apologized, and claimed to have now tackled security vulnerabilities that exposed millions of people's phone numbers.

The startup has released an update for its iOS and Android applications that allows users to opt out of appearing in the find-a-friend search feature, which lets people add pals to their Snapchat contacts book using their cellphone numbers.

This service was abused by whistleblowers who used software to harvest the usernames and numbers of 4.6 million people; a partially redacted copy of the data was dumped online as proof that the system was flawed by design. The apps are primarily used by flirty youngsters to send compromising photos of each other, the pics appearing for just a few seconds on the recipient's screen (unless they've learned how to take a screenshot or use a camera).

As well as providing an opt-out switch today, Snapchat has a new mechanism for thwarting automated mass-slurping of account information: you must be logged in, and your cell number verified (presumably by text message), before you can use the "Find Friends" search. Access to this feature is also rate limited – which forces attackers to create a large batch of accounts all tied to real phone numbers in order to reap Snapchat's database again.

"Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API," the outfit said in a blog post announcing the update.

"We are sorry for any problems this issue may have caused you and we really appreciate your patience and support."

That apology is the first from Team Snapchat on the matter. It was earlier criticized for being unapologetic and dismissive after researchers privately and then publicly warned of the security flaws. Only after the 4.6 million-row database was partially published online did the selfie-sharing crew confirm that a fix was in the works. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Nexus 7 fandroids tell of salty taste after sucking on Google's Lollipop
Web giant looking into why version 5.0 of Android is crippling older slabs
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
SLURP! Flick your TONGUE around our LOLLIPOP – Google
Android 5 is coming – IF you're lucky enough to have the right gadget
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.