Snapchat announced on Thursday that it is improving its app and Find Friends service in light of data leaks that were published online this week. The messaging service was the victim of a hack that leaked the usernames and phone numbers of some 4.6 million users.
The company issued a statement on its blog Thursday afternoon, acknowledging the data breach and promising to make improvements. Snapchat explained the history behind Find Friends, an optional service that allows Snapchatters to enter their phone number so that their friends can find their username.
According to the post, the leak was the fault of “abuse” of its API, though it acknowledged that the way it stores users’ information made it possible for a database of numbers to be used to sniff out and match up usernames to the numbers.
In light of this, Snapchat will make changes to its apps and the service to prevent future leaks. This includes the ability to op out of the Find Friends feature. The company added in the post that it was notified of the possible security risk in August and took steps to correct it, including limiting the speed at which its API could be queried.
Snapchat also posted a response last month to claims of risk that outlined exactly how a hacker could match numbers and usernames. In that post, the company acknowledged, “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way.”
As TechCrunch notes, that process is exactly what the group behind SnapchatDB.info did. While the database did partially redact phone numbers and usernames, Snapchat assured that “no other information, including Snaps, was leaked or accessed in these attacks.”
You can read Snapchat’s full statement about the breach here.