More than a week after attackers raided personal information on 4.6 million Snapchat users, the messaging service has issued a formal apology on its blog. (For those unaware, Snapchat messages vaporize within seconds of opening.)
“Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API,” read that Jan. 9 posting. “We are sorry for any problems this issue may have caused you and we really appreciate your patience and support.”
Snapchat has also released an update for Android and iOS that not only improves the basic functionality of the app’s Find Friends feature, but also allows users to opt out of linking a username with a phone number.
But as many pundits noted at the time, that first message very conspicuously came without an apology, despite Snapchat confessing it’d been aware of the underlying vulnerability for quite some time. The attackers who snatched up that user database helpfully redacted the last two digits of every phone number, but claimed they’d be willing to release that additional information under specific circumstances. For its part, Snapchat claims that no other data, including messages, was leaked or accessed in the attacks.
Adding insult to injury, Snapchat had downplayed the possibility of a breach in the days leading up to the hack. “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way,” read the company’s Dec. 27 blog posting. “Over the past year we’ve implemented various safeguards to make it more difficult to do.”
Now there’s an apology out there. But will that persuade Snapchat users to stay with the service—if they’re even leaving at all?