Gibson Security, the group behind the initial exploit claim, was ignored by Snapchat until recently when it released a full report detailing how a hacker could actually use Snapchat’s friend-finding feature to obtain phone numbers.
With the exploit, a hacker could reportedly take hold of thousands of US phone numbers within a matter of minutes, something that Snapchat is far from worried about according to its most recent blog post.
Theoretically, if someone were able upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way, – Snapchat
Snapchat, and other apps which allow users to find their friends through a phone’s address book, have all come under fire for this type of discovery mechanism. By allowing users to find their friends with the help of a smartphone’s built-in address book, Snapchat suddenly has access to phone numbers which is something that has concerned security researchers for quite some time.
Maybe [Snapchat CEO] Evan Spiegel will fix it when someone finds his phone number via this? – Gibson Security researchers, in response to Snapchat’s post
Although Snapchat does not seem to be worried by Gibson’s report, it has added extra security features in order to please users who were startled by the thought of strangers have access to their private phone numbers.
The messaging service has seemingly been annoyed by Gibson’s researchers claiming that this is a real issue, and that annoyance could be seen in Snapchat’s blog post.
We are grateful for the assistance of professionals who practice responsible disclosure and we’ve generally worked well with those who have contacted us. – Snapchat
Out of all the security researchers that Snapchat has gotten along with in the past, it seems safe to say that Gibson Security is not a group that the service is fond of.
Image Credit: Business Insider