View Count: 124 |  Publish Date: January 03, 2014
Snapchat confirms leak of 4.6M usernames; doesn’t apologize

Two days after hackers used a publicly-known API to download and publish a huge database of Snapchat usernames and phone numbers, Snapchat has finally responded.
Granted, the leak happened late New Year’s Eve, and yesterday was a holiday, so Snapchat’s response isn’t as slow as it might otherwise seem. But the blog post is notable in its lack of an apology.
Snapchat’s response includes a confirmation that Gibson Security’s Snapchat security report is correct, and that it is what attackers used to get the database of 4.6 million usernames and their associated phone numbers.
A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.
We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.
How Snapchat is addressing the situation: It will be issuing a new version of the Snapchat application, and will allow users to opt out of the “Find Friends” feature (which is the basis of the attack). It is also going to implement rate limiting, to restrict the number of usernames that attackers can download through this kind of exploit, and will add other unspecified limitations to its API.
Snapchat did not say when it would issue a new version of the app or make these changes to its API.
Snapchat raised $50 million in a funding round led by Coatue Managementearlier in December at a valuation rumored to be $2 billion. The company’s founders reportedly rejected a $3 billion acquisition offer from Facebook.Related articlesBehind Snapchat’s rejection of $3B in cash from Facebook: A founder, born into wealthSnapchat cracked: 4.6 million usernames and phone numbers publishedWho needs Facebook? Snapchat is raising another $55M, with a $2B valuationYikes: This new app saves Snapchats without letting the sender know

 API   app   attack   attacker   Find Friends   number   numbers   phone   phone numbers   Snapchat   usernames 

Picture Keywords
 API   app   attack   attacker   Find Friends   number   numbers   phone   phone numbers   Snapchat   usernames 
Time: 1:16  |  News Code: 364003  |  Site: venturebeat
Collecting News by Parset Crawler
Know more about Parset crawler