Snapchat finally offered an apology for its recent hack today after confirming that it has changed the way the vulnerable Find Friends feature works.
“Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API,” the company said in a statement. “We are sorry for any problems this issue may have caused you and we really appreciate your patience and support.”
Snapchat explained that its Find Friends feature will now let people choose whether to associate their username with their phone number. It also forces users to validate their phone numbers before using the Find Friends feature.
On Christmas Eve, an Australian security research company called Gibson Security publicly warned Snapchat that its Find Friends feature could let anyone download account names and phone numbers, and also set up fake accounts.
This feature associated your username and phone number so people could find you through their address books. The API, however, let hackers download 4.6 million usernames and phone numbers, which were subsequently posted online. The hackers, at the time, blurred out the last two digits of each released phone number in an attempt to mitigate spam and other issues. They did, however, offer to release the uncensored database under the right circumstances (read: to whoever will pay money).
Despite this, the hackers said they hacked Snapchat to show the company that it needs to fix the problem and to raise awareness of this kind of security threat.
Snapchat originally commented on the hack, saying it was aware of the issue in August 2013 and had made some adjustments to compensate for it.