The popular app for sharing short-lived messages Snapchat has updated its mobile apps today to patch a recent hole exposed in its API that allowed hackers to leak 4.6 million usernames and partial phone numbers. The vulnerability in Snapchat’s Find Friends feature has been fixed and Snapchat now allows Snappers to opt-out of linking their phone numbers directly to their usernames. The changes also require users to verify their existing phone numbers using a two-step verification process before being able to use the Find Friends service.
Not to snap to any conclusion, but the young social network has already been heavily criticized for disregarding the Find Friends flaw after being warned by a third party internet security firm about the loopholes in advance of the breach. Snapchat has also been widely condemned for how long it took the team to release this security patch.
This news comes while Snapchat is in hot legal water after an ugly dispute with an ousted co-founder and some less-than-convincing videos leaked from the depositions.
Snapchat finally issued an apology on its blog with the app release announcement:
Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API. We are sorry for any problems this issue may have caused you and we really appreciate your patience and support.
Do you forgive Snapchat? Will you still try to find friends on Snapchat using your phone number?