Snapchat on Thursday confirmed that millions of user accounts were compromised in a recent breach that exposed phone numbers and user names. Anonymity is a key aspect of the Snapchat service for many people, some of whom use the messaging app to exchange risqué photos and videos without revealing their identities. As such, users were not happy to learn that approximately 4.6 million Snapchat accounts were exposed in this latest breach. To compound matters, however, Snapchat has confirmed in a statement that it knew about the security vulnerability that led to the breach for months but failed to fix it.

“A security group first published a report about potential Find Friends abuse in August 2013,” Snapchat said in a statement. “Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.”

While the company said that it took steps to address the loophole brought to light this past summer by cybersecurity group Gibson Security, those measures were clearly ineffective. Moving forward, Snapchat plans to give users a way to protect themselves in an update that might be considered too little, too late.

“We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number,” the company said in its statement. “We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.”