SAN FRANCISCO, (Reuters) – Snapchat, the red-hot private messaging service, said yesterday that it knew for months about a security loophole that allowed hackers this week to harvest millions of phone numbers and announced changes to its systems.
An anonymous group called Snapchat DB posted the usernames and phone numbers of 4.6 million Snapchat users on New Year’s Eve, days after the startup – headed by 23-year old founder Evan Spiegel – brushed off warnings that its app still contained security loopholes.
The hacker group, which claimed to be based in the United States and Europe, made the entire database available for download but redacted the last two digits of every phone number. Snapchat DB said it was working to raise awareness about Snapchat’s security holes, not out of malicious intent.
In its first public statement since the leak, Snapchat said in a blog post on Thursday that no “snaps” – the contents of messages – were compromised or accessed as part of the hack.
Snapchat was first alerted to the vulnerability in August by a security group called Gibson Security. Snapchat said it made changes to its system to address the weaknesses, but the company also published a blog post downplaying the threat as “theoretical” on Dec. 27.