Snapchat Points Fingers at Gibson Security for Helping Hackers
Snapchat, headed by 23-year old founder Evan Spiegel, is accusing Gibson Security of indirectly helping hackers breach the Snapchat data base. More than 4.6 million usernames and phone numbers were leaked on New Year’s Eve after anonymous hackers dubbed ‘Snapchat DB’ abused the application’s Find Friends service. No other personal details, including messages known as Snaps, were leaked or accessed in the attack, according to Snapchat.
Gibson Security denied any relation with the hacktivist group. “We know nothing about SnapchatDB, but it was a matter of time til something like that happened,” the security group said on Twitter. “Also the exploit works still with minor fixes.”
Snapchat promised an updated version of the application that will allow users to opt out of appearing in ‘Find Friends’ after they have verified their phone number. They also said they will improve rate limiting and other restrictions to prevent future hacking or abuse.
“Let’s hope they aren’t trying to downplay the situation once again and avoid the heat, but instead taking reasonable steps to secure sensitive user information,” Snapchat DB told Reuters. “Actions speak louder than words.”
The hacking group, which claimed to be based in the US and Europe, censored the last two digits of every phone number and claimed they had no malicious intent.
On the defaced webpage, hackers accused Snapshot founders of being “too reluctant at patching the exploit until they knew it was too late.” They also said companies that users trust with their information should be more careful.
Find Friends is an optional service that asks users to enter their phone number so that friends can find their username. Over the past year, Snapchat’s popularity has increased mainly because it allows users, many of them teenage girls, to send private pictures and messages that self-destruct after 10 seconds at most. The application was developed in 2011 by two Stanford University undergraduates.