The company has come under heavy criticism for its relatively slow response to addressing the problem, especially since the security group that discovered the flaw, Sydney, Australia-based Gibson Security, first reported it in August. A follow-up warning was published on Christmas Eve. Some of the criticism has been directed at Snapchat's lack of apology for ignoring the warnings.
In its initial announcement in August, Gibson Security noted that the data obtained from the Snapchat vulnerability "could hypothetically be used to stalk" users, or it could be sold to companies that use the data in conjunction with other databases to create a more complete confidential data profile of users.
In a posting Thursday on its official blog, Snapchat noted that it first implemented Find Friends in the early days of the company, in order to encourage people to find other friends using the service. With the optional Find Friends, a user can enter a phone number into a profile, allowing offline friends to find the Snapchat username through the number.
Last Friday, Snapchat acknowledged the vulnerability that Global Security had highlighted. An attacker could upload a large number of random phone numbers, such as from a phone book, and then acquire large numbers of matching Snapchat usernames.
That's exactly what happened on New Year's Eve, when a hacker or a group calling itself SnapchatDB! posted a database of phone numbers, usernames and...