On New Year’s Eve, hackers released the partially redacted phone numbers and user names of 4.6 million Snapchat users. Snapchat responded today to the security breach with a statement explaining what happened.
The company once again confirmed the existence of the exploit that allowed the breach to occur. It took advantage of a security hole in the Find Friends feature, which was added to make it easier for Snapchat users to find other Snapchatters using their address book. Though user names and phone numbers were compromised, Snapchat confirmed that no other information, including Snaps, were accessed in this breach.
Snapchat also confirmed that the company is working on an updated version of the Snapchat application that will allow users to opt out the Find Friends feature. It will also take other measure to prevent future abuses of the service. To make it easy for security researchers to contact the company, Snapchat has setup an email account, firstname.lastname@example.org, dedicated to security vulnerabilities.