UPDATED 06:50 EST / JANUARY 03 2014

Snapchat confirms 4.6M leak, but isn't sorry

Snapchat co-founder & CEO Evan Spiegel

Snapchat has belatedly acknowledged the leak of some 4.6 million usernames and telephone numbers earlier this week in an official blog post.

In its post, Snapchat stated that Gibson Security published a report back in August 2013 warning of potential ‘Find Friends’ abuse, and that it had addressed those concerns with rate limiting. Gibson Security was the same security firm that later published Snapchat’s API weakness on Christmas Eve, which the company dismissed at the time.

Funny thing is, Snapchat blames Gibson Security’s report for the massive breach, saying that its exposure of the API vulnerability “made it easier for individuals to abuse our service and violate our Terms of Use.”

Notably, Snapchat did not once apologize to its users for the breach. In fact, it didn’t seem to express any remorse, nor admit any guilt at all about the fact that so many of its users were hacked and their personal information posted online.

They did, at least, promise to improve both the service and app in the coming weeks:

“We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in ‘Find Friends’ after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service,” Snapchat wrote.

Snapchat didn’t bother to get in touch with Gibson Security after the security report was released, and that’s why it has come in for so much criticism over the breach. Had it done so, the hack could well have been avoided. Instead, all Snapchat did was post its email address, security@snapchat.com, so security researchers could contact it if they find any other security flaws in the app.

The people behind the data leak, SnapchatDB, stated that they published the data to raise public awareness of security issues and to put pressure on Snapchat to fix the exploit.

This has almost been like a lesson in public humility, since Snapchat blatantly chose to ignore Gibson Security’s warning, and it immediately paid the price for doing so.

