10:21
Unknown
Snapchat on Thursday acknowledged a recent leak of 4.6 million usernames and phone numbers, and said an updated version of the app will let users opt out of participating in the compromised feature.
The company stopped short of apologizing for the leak, and seemed to blame Gibson Security for "publicly document[ing] our API, making it easier for individuals to abuse our service and violate our Terms of Use."
At issue is Snapchat's Find Friends feature, which lets Snapchatters enter their phone number so friends can find their username. "This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username," according to Snapchat.
In August, Gibson Security published a report about vulnerabilities within Find Friends. The firm said it tried but "failed" to contact Snapchat about these problems prior to the report's publication.
"The only contact we've received from Snapchat was one email from Micah Schaffer (Snapchat's Director of Operations) on 28/12/2013," Gibson said on its website.
Snapchat neither confirmed nor denied this assertion in its Thursday blog post, but urged security experts to contact the company via security@snapchat.com with any future bugs.
Gibson's latest showdown with Snapchat came last month when it revealed several vulnerabilities within the Snapchat app. One of those bugs could allow "someone to easily create a database of the usernames and phone numbers of users of the Snapchat application, in a small timeframe, using phone numbers automatically provided to the app."
Over New Year's, a website - SnapchatDB.info - emerged, with the usernames and censored phone numbers of 4.6 million Snapchat users. The information "was acquired through the recently patched Snapchat exploit," the hackers said. The site has since been pulled offline, and Gibson denied any involvement.
"We don't know SnapchatDB, nor do we condone their breach and release," Gibson said. "For the record we have never communicated with them, nor have we tried."
"Whilst we don't condone the breach, we feel that this event should be taken as a wake up call by Snapchat, hopefully leading to their taking of security considerably more seriously from now on," Gibson concluded.
Snapchat said this week that it will release "an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number."
"We're also improving rate limiting and other restrictions to address future attempts to abuse our service," the company said.
Gibson has a tool on its website, where you can enter your username to see if your information was part of the leak.
via Technology - Google News http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNFSnfbMIWEMox-EDlzWa0P3_tdBOA&url=http://www.pcmag.com/article2/0,2817,2428996,00.asp
Put the internet to work for you.
Posted in: Tablets 4 Kids
0 comments:
Post a Comment