Galaxy Z Flip 4 Preorder Quest 2: Still the Best Student Internet Discounts Best 55-Inch TV Galaxy Z Fold 4 Preorder Nintendo Switch OLED Review Foldable iPhone? 41% Off 43-Inch Amazon Fire TV
Want CNET to notify you of price drops and the latest stories?
No, thank you

Snapchat: Sorry, not sorry, for that phone number mishap

The 2-year-old company excuses away a security breach with a promised update to its application.

Snapchat's office in Venice Beach, Calif.
Jennifer Van Grove/CNET

Days later, Snapchat isn't ready to offer up any apologies for a vulnerability in a private API that reportedly exposed the phone numbers and user names of 4.6 million of its users. Instead, the company said Thursday that it will release a new version of its app to let members opt out of the offending "Find Friends" feature.

"We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number," the company wrote in a blog post. "We're also improving rate limiting and other restrictions to address future attempts to abuse our service."

Two-year-old Snapchat is a popular iPhone and Android application for sending disappearing picture and video messages. On Christmas Eve, the young company, headed by 23-year-old CEO Evan Spiegel, found itself at the center of a brewing controversy when researchers published the private code for matching user names to phone numbers. The following week, hackers put the exploit to Snapchat's Find Friends feature to use, publishing a database of user names and phone numbers as an apparent attempt to get Snapchat to change its ways.

In its Thursday afternoon blog post, the company admitted that partially redacted phone numbers and user names were released by an attacker on New Year's Eve. "No other information, including Snaps, was leaked or accessed in these attacks," Snapchat said.

Snapchat maintains that what others deem a vulnerability is merely an important discovery feature that has been abused by duplicitous figures. The feature in question, called "Find Friends," asks people to enter their phone number so that their friends can find them on the service.