It seems that damage control is the only recourse left to Snapchat. It has just announced the release of a promised update that, in its eyes, adequately addresses a security issue that has quickly tarnished whatever good reputation it had in just two weeks.
The events surrounding this Snapchat drama happened swiftly and mercilessly. On Christmas Day, security research firm Gibson Security published a pair of exploits, including sample code, in exasperation after what they described as Snapchat’s refusal to acknowledge, much less address, the issues. Now that the cat’s out of the bag, Snapchat naturally responded and claimed that there are several safeguards in place to prevent such abuses from happening.
As they say, only time will tell, and in this case, it took less than a week. Come New Year’s Day, someone effectively used those exploits to gather around 4.6 million Snapchat user names and numbers. Snapchat issued another statement admitting to the existence of the exploit but maintaining that its approach to the problem, which simply involved rate limiting, was the correct path to take. Additionally, they promised to release an update to their Android and iOS apps that will let users opt out of these exploitable features.
That update is now rolling out and once it has hit users, they will be able to opt out of the Find Friends feature. They can also choose to disassociate their phone numbers from their user names, making it harder, though not impossible, to match those up should anyone manage to scrape the Snapchat database again. Unfortunately, new users will still have to verify their Snapchat accounts with their phone numbers should they wish to use the Find Friends feature. Of course, the damage has been done and, after all those press statements, Snapchat has issued one line of apology for the inconvenience the exploit has caused.