Snapchat was repeatedly warned by Gibson Security about a potential exploit that could allow hackers to steal user information, but the company chose to ignore the warnings. Shortly after Snapchat assured users that the exploit presented no danger to them, hackers managed to steal information from over 4.6 million Snapchat accounts using that same exploit. Snapchat has only just recently acknowledged the security breach but has not apologized and has not acknowledged the efforts of Gibson Security.
Snapchat’s inner circle probably had a rougher New Year’s hangover than most, seeing as 4.6 million accounts were compromised on January 1. The security breach happened after an Australian hacking collective called Gibson Security published a detailed account of a gap in Snapchat’s security system. Gibson Security called this the “Find Friends exploit” since it could potentially unveil Snapchat user phone numbers using the Find Friends feature. Snapchat published a blog post addressing the exploit, but didn’t boost security enough to prevent the actual information hack, which was carried out by an anonymous group running a website called SnapchatDB. Snapchat acknowledged Gibson Security’s efforts (but didn’t bother to name the group) in another blog post today, and provided a dedicated email address for security issues, which is a start.