Case in point: the messaging app Snapchat gives itself access to users’ phone numbers and usernames, which is standard for any messaging service. After Snapchat ignored months of warnings from Gibson Security that it was possible to tie together usernames and real phone numbers with incessant queries of the service’s Find My Friends feature, the security collective dumped the code to its site. Snapchat took a few days to even acknowledge the problem, and even after hackers created a database with 4.6 million names and phone numbers, the company is still hesitating to apologize or offer its user base reassurance.
Security researcher Chris Soghoian said that a lawsuit against the company for this oversight is extremely likely. Snapchat had the information, and hackers had the opportunity. The damage has been done.
via Ars Technica http://feeds.arstechnica.com/~r/arstechnica/index/~3/qCkKjoj3s8I/