Snapchat will release a more secure version of its disappearing-message app after a security breach in which hackers collected and published the usernames and phone numbers of several million users.
The company says in a new blog post that the updated version will let users opt out of the "Find Friends" feature.
The feature allows users to enter their phone number in order to make it easier for friends to find their username. But a vulnerability also allows any attacker to upload a large number of random phone numbers and match them with Snapchat usernames.
That's what happened on New Year's Day, when unidentified hackers published 4.6 million Snapchat usernames and redacted phone numbers on a website called snapchatdb.info, which has since been suspended.
In the blog post, published on Thursday afternoon US time, Snapchat confirmed that no other information, such as messages, was leaked by the hackers.
The company also said it would improve basic security measures such as "rate-limiting", which involves capping the number of requests, including log-in attempts, a website can process.
An Australian security firm, Gibson Security, says it first informed Snapchat about the Find Friends vulnerability several months ago but received no response.
Gibson warned Snapchat a second time on Christmas Day, releasing on its website more details on how hackers could exploit the vulnerability.
In a blog post at the time, Snapchat responded that it had implemented "various safeguards" over the past year that would make it more difficult to steal large sets of phone numbers, but did not detail them.
The security breach demonstrated that the safeguards were not sufficient.
