Click to Skip Ad
Closing in...

Snapchat knew for months about major security hole but failed to fix it

Updated Jan 3rd, 2014 11:58AM EST
Snapchat Hack

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Snapchat on Thursday confirmed that millions of user accounts were compromised in a recent breach that exposed phone numbers and user names. Anonymity is a key aspect of the Snapchat service for many people, some of whom use the messaging app to exchange risqué photos and videos without revealing their identities. As such, users were not happy to learn that approximately 4.6 million Snapchat accounts were exposed in this latest breach. To compound matters, however, Snapchat has confirmed in a statement that it knew about the security vulnerability that led to the breach for months but failed to fix it.

“A security group first published a report about potential Find Friends abuse in August 2013,” Snapchat said in a statement. “Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.”

While the company said that it took steps to address the loophole brought to light this past summer by cybersecurity group Gibson Security, those measures were clearly ineffective. Moving forward, Snapchat plans to give users a way to protect themselves in an update that might be considered too little, too late.

“We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number,” the company said in its statement. “We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.”

Zach Epstein
Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 10 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.