Snapchat is to release an updated version of its mobile app for exchanging self-destructing photos and videos after hackers downloaded usernames and phone numbers for 4.6 million accounts.
The hack highlighted security weaknesses in the Find Friends service, which enables users to find people they know who are also using the service by entering their phone number.
This meant that attackers could use the service to upload a large number of random phone numbers and match them with Snapchat usernames.
The hack came days after Australian firm Gibson Security warned that a vulnerability in the Snapchat app could be exploited to reveal the phone numbers of users.
The new version of Snapchat will enable users to opt out of appearing in Find Friends once they have verified their phone number.
Snapchat acknowledged the vulnerability in a blog post ahead of the hack, but said at that time that it had taken measures to protect users’ data.
However, the hackers said that despite these measures, it was still possible to harvest user data on a large scale.
Snapchat also said that as well as allowing users to opt out of appearing in Find Friends, it will improve “other restrictions to address future attempts to abuse our service”.
The firm has also set up an email address to ensure security experts can pass on any new ways they may discover to abuse Snapchat to enable a quicker response.
“The best way to let us know about security vulnerabilities is by emailing us: firstname.lastname@example.org,” the app maker said.
In the wake of the hack, Gibson has set up a website to enable Snapchat users to check if their details were leaked.
According to Gibson, the affected Snapchat users were in the US, so UK users are unlikely to be affected.
The site also offers advice to anyone who had their data leaked: “If your data has been leaked, don’t freak out! There are a few things you can do if you’ve been affected.
“First and foremost, you can delete your Snapchat account here – sadly, this won’t remove your phone number from the already circulating leaked database.
“If you feel that you’d rather unscrupulous entities not potentially have your phone number, you’re free to contact your phone TelCo, and request that they give you a new number.
If you detail the breach, they’ll almost certainly give you a new one.
“Lastly, ensure that your security settings are up to scratch on your social media profiles. Be careful about what data you give away to sites when you sign up – if you don’t think a service requires your phone number, don’t give it to them.”
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners.
If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com