HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 3 MINUTES AGO.
You are here: Home / World Wide Web / Snapchat Will Update Vulnerable App
Snapchat Will Update Vulnerable App
Snapchat Will Update Vulnerable App
By Barry Levine / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
03
2014

Following news that as many as 4.6 million usernames and phone numbers were captured on its site and posted on the Web, social video company Snapchat said late Thursday it will release a new version of the vulnerable app. The company’s response to the breach raises more questions about how prepared businesses are to deal with such leakages of their confidential info, which are becoming more common.

The company has come under heavy criticism for its relatively slow response to addressing the problem, especially since the security group that discovered the flaw, Sydney, Australia-based Gibson Security, first reported it in August. A follow-up warning was published on Christmas Eve. Some of the criticism has been directed at Snapchat’s lack of apology for ignoring the warnings.

In its initial announcement in August, Gibson Security noted that the data obtained from the Snapchat vulnerability “could hypothetically be used to stalk” users, or it could be sold to companies that use the data in conjunction with other databases to create a more complete confidential data profile of users.

Encouraging Users to Find Friends

In a posting Thursday on its official blog, Snapchat noted that it first implemented Find Friends in the early days of the company, in order to encourage people to find other friends using the service. With the optional Find Friends, a user can enter a phone number into a profile, allowing offline friends to find the Snapchat username through the number.

Last Friday, Snapchat acknowledged the vulnerability that Global Security had highlighted. An attacker could upload a large number of random phone numbers, such as from a phone book, and then acquire large numbers of matching Snapchat usernames.

That’s exactly what happened on New Year's Eve, when a hacker or a group calling itself SnapchatDB! posted a database of phone numbers, usernames and the users’ regions. Snapchat said no other data was compromised. The hacker was apparently trying to operate at least partially in “white hat” warning mode, blocking out the last two digits of each phone number. But the posted database also contains the offer for anyone to submit an email to request the unredacted phone numbers, which would be considered “under certain circumstances.”

‘Reluctant at Patching the Exploit’

The information, SnapchatDB! said on the site, “is being shared with the public to raise awareness on the issue.” It added that Snapchat was “too reluctant at patching the exploit until they knew it was too late.” Gibson Security has said it has no connection to the hackers, and the company has criticized the posting of the user data. Gibson has also published a tool on its site so that users can find out if they’re in the purloined database. (continued...)

1  2  Next Page >

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.
MORE IN WORLD WIDE WEB
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
It might not happen today or tomorrow, but a major cyberattack on a telecom network will likely happen in the next decade, and it could bring with it great damage to finances and security.

ENTERPRISE HARDWARE SPOTLIGHT
Making a major change to its usually staid design philosophy, HP unveiled an all-in-one PC with built-in projector and surface-enabled touch, designed to make 3D scanning and printing easy.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.