After the
numerous questions which arose on the security issues of Snapchat’s Find
Friends and Bulk Registration apps, Snapchat says that changes will be made to
both Snapchat’s apps and the service in order to prevent future leaks including
being able to opt out of the Find Friends feature that uses phone numbers.
Snapchat
says that it was notified of the possible security risk (publicly) in August
and took some steps to correct it including limiting the speed at which its API
could be queried. Which is what one of the most cringe-worthy security moves in
recent memory, Snapchat responded late last month to claims of risk that
outlined just how a hacker might be able to match usernames to phone numbers.
Also See
: Snapchat account compromised
Snapchat
assures that they will be releasing an updated version of the Snapchat
application that will allow Snapchatters to opt out of appearing in Find
Friends after they have verified their phone number. They said they are also
improving rate limiting and other restrictions to address future attempts to
abuse their service.
Notably,
Snapchat’s public response to this hacking does not include an apology of any
sort to its users who have had their user names or phone numbers publicly
exposed. Perhaps it’s an effort to avoid an acceptance of guilt, but it still
feels like all the effort is in vain.
The
person(s) responsible for releasing the names and numbers informed that their
motivation was to “raise the public awareness for the issue, and also put mob
pressure on Snapchat to get this security loop fixed. It is acceptable that
tech startups have limited resources but security and privacy should not be a
secondary goal. Security equals to user experience.”
Snapchat
has recently commented that it will add an opt-out to its apps which will allow
people to choose not to appear in the Find Friends feature after they’ve used
their phone number for verification purposes.
Snapchat
says that they want to make sure that security experts can get a hold of them when
they discover new ways to abuse their service so that they can respond quickly
to address those concerns. The best way to let them know about security
vulnerabilities is by emailing them: security@snapchat.com.
Let’s see
whether Snapchat has really recovered from its security breach or is it just to
cover up the issue so that the image of the company may not be shadowed.


0 comments:
Post a Comment