Snapchat Exploit: Security gaffe or Feature bug?

Snapchat has released a follow-up to the widely circulated vulnerability in its private API, which was exploited to expose the phone numbers and usernames of about 4.6 million users. The company cites a new feature called "Find Friends" as responsible and says it will release an updated version of the Snapchat app that lets users opt out of appearing in "Find Friends" after they have verified their phone numbers.

In the blog post, the company acknowledged that an attacker could use the "Find Friends" feature to upload a large number of random phone numbers and match them with Snapchat usernames.

The breach was purportedly posted on SnapchatDB.info, a site that has long since been taken down, exposing a core database containing paired usernames and phone numbers of over 4.6 million Snapchat users.

The company, however, has dismissed the claims, describing the issue as a function of the feature rather than an outright vulnerability. It rejected any need to apologize to its users and instead promised an opt-out provision for offended users.
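The bulk matching described above, and the opt-out the company promised, can both be enforced on the server side of a contact-matching endpoint. The sketch below is an added example, not Snapchat's code: the class name, the per-account budget, the window length and the sample directory are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class FindFriendsGuard:
    """Hypothetical server-side guard for a contact-matching endpoint."""

    def __init__(self, directory, opted_out, budget=500, window=86400):
        self.directory = directory          # phone number -> username
        self.opted_out = opted_out          # usernames hidden from matching
        self.budget = budget                # numbers one account may check per window
        self.window = window                # window length in seconds
        self.history = defaultdict(deque)   # account -> (timestamp, count) entries

    def _used(self, account, now):
        q = self.history[account]
        while q and q[0][0] <= now - self.window:
            q.popleft()                     # forget uploads older than the window
        return sum(n for _, n in q)

    def lookup(self, account, numbers, now=None):
        now = time.time() if now is None else now
        unique = list(dict.fromkeys(numbers))   # de-duplicate, keep order
        remaining = self.budget - self._used(account, now)
        if len(unique) > remaining:
            # Reject the whole upload: a partial answer would still leak matches.
            return {"status": "rate_limited", "matches": {}}
        # Charge every number submitted, not only the hits, so guessing costs budget.
        self.history[account].append((now, len(unique)))
        matches = {p: self.directory[p] for p in unique
                   if p in self.directory
                   and self.directory[p] not in self.opted_out}
        return {"status": "ok", "matches": matches}

# Constructed sample data (fictional numbers and usernames).
DIRECTORY = {"+15550100001": "alice", "+15550100002": "bob", "+15550100003": "carol"}
GUARD = FindFriendsGuard(DIRECTORY, opted_out={"carol"}, budget=500)

def demo():
    # An ordinary address book: one hit, one opted-out user, one unknown number.
    book = ["+15550100001", "+15550100003", "+15550199999"]
    normal = GUARD.lookup("user-1", book, now=0)
    # A bulk upload of 10,000 sequential numbers exceeds the budget and gets nothing.
    sweep = ["+1555010%04d" % i for i in range(10000)]
    bulk = GUARD.lookup("user-2", sweep, now=0)
    return normal, bulk
```

The budget counts submitted numbers rather than matches, so an upload of random numbers is limited regardless of how few of them belong to real accounts.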