January 10, 2014
Snapchat Apologizes For Data Hack, Updates Find Friends Feature
Enid Burns for redOrbit.com - Your Universe Online
It took longer than the time it takes for its images and videos to disappear after viewing, but Snapchat released an update to its Find Friends functionality and issued an apology for the problems that occurred after 4.6 million usernames and phone numbers were exposed due to a vulnerability in the photo messaging service's system. The patch addresses those issues, though it took a week for the release to come out.
Snapchat buried the apology beneath news of the update, and what it addressed. The update doesn't necessarily close up the security issue, but allows users to opt out of the issue that makes them vulnerable.
"This morning we released a Snapchat update for Android and iOS that improves Find Friends functionality and allows Snapchatters to opt-out of linking their phone number with their username. This option is available in Settings > Mobile #," said a blog post announcing the update, which was signed "Love, Team Snapchat."
New Snapchat users will have to verify their phone number before they can use the Find Friends service.
The vulnerability that exposed user names and phone numbers was identified by a group of security researchers known as Gibson Security. The group posted about the vulnerability on Christmas Eve after attempts to contact Snapchat went unanswered. A week later, on New Year's Eve, unidentified hackers posted details from the Snapchat user base. It was at that point that Snapchat acknowledged the issue, though it has now been another week and the issue is just now being resolved.
"Waiting a week to address the theft of the identities of the entire user base of Snapchat was also an arrogant move," Paul Gillian, principal analyst at Paul Gillian Communications, told RedOrbit.
The blog post also pushed the blame to abuse of the Snapchat API, rather than a security hole that the startup social media company let remain open for a period of time.
"Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API. We are sorry for any problems this issue may have caused you and we really appreciate your patience and support," the post said.
The arrogance noted by Gillian goes beyond taking a week to address a security breach - which the company had the opportunity to fix before it came into the public eye.
Snapchat rejected a $3 billion acquisition offer from Facebook.
"Evan Spiegel has explained that he rejected the offer because he wanted to have the opportunity to build a great business. However, with $750 million in your pocket, you can build a lot of businesses. It was a decision that reeks of arrogance, and unfortunately Spiegel is beginning to develop a reputation for arrogance," Gillian said.
An acquisition might help founder Evan Spiegel with a fresh start. But the breach has the potential to turn users away.
The start-up is also facing charges that it shut out one of the co-founders, Frank Reginald Brown.
These events might make Spiegel wish that Snapchat would become a part of his (unviewable) history.