The creators of the immensely popular photo-sharing app Snapchat have admitted that a security flaw led to millions of users' phone numbers and user names being leaked earlier this week -- despite being warned months ago of the vulnerability. The company promised an updated version of the app soon.
Snapchat, which lets users exchange pictures that automatically delete themselves after a short countdown, is popular among younger smartphone users, those who think of texting and other chat apps as old-fashioned or perhaps too permanent a medium in which to communicate.
As the company wrote in a blog post Thursday:
We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.
A previous company post, published on Dec. 27, said that such an attack was "theoretically" possible but that recently added safeguards would make it very difficult to pull off.
Apparently more safeguards are required; fortunately, only usernames and numbers were leaked. An update will be rolling out to the app soon.