Snapchat confirms 4.6M leak, but isn’t sorry


In an official blog post, Snapchat has belatedly acknowledged the leak earlier this week of some 4.6 million usernames and telephone numbers.

In its post, Snapchat stated that Gibson Security published a report back in August 2013 warning of the risk of potential ‘Find Friends’ abuse, and that the company addressed the issue via rate limiting. Gibson Security was the same security firm that later published Snapchat’s API weakness on Christmas Eve, which the company dismissed at the time.

Funny thing is, Snapchat blames Gibson Security’s report for the massive breach, saying that its exposure of the API vulnerability “made it easier for individuals to abuse our service and violate our Terms of Use.”

Notably, not once did Snapchat apologize to its users for the breach. In fact, it didn’t seem to express any remorse, nor admit any guilt at all about the fact that so many of its users were hacked and their personal information posted online.

They did, at least, promise to improve both the service and app in the coming weeks:

“We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in ‘Find Friends’ after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service,” Snapchat wrote.

Snapchat didn’t bother to get in touch with Gibson Security after the security report was released, and that’s why it’s come in for so much criticism over the breach. Had it done so, the hack could well have been avoided. Instead, all Snapchat did was post its email address, security@snapchat.com, so security researchers could contact the company if they find any other security flaws in the app.

The people behind the data leak, SnapchatDB, stated that they leaked the data to raise public awareness around security issues, and to put pressure on Snapchat to fix the exploit.

This has almost been like a lesson in public humility, since Snapchat blatantly chose to ignore Gibson Security’s warning, and it immediately paid the price for doing so.

About Mellisa Tolentino

Mellisa Tolentino started at SiliconANGLE covering the mobile and social scene. Over the years, her scope expanded to Bitcoin as well as the Internet of Things. SiliconANGLE gave Mellisa her break in writing and it has been an adventure ever since. She’s from the sunny country of the Philippines, where people always greet you with the warmest smile. If she’s not busy writing, she loves reading, watching TV series and movies, but what she enjoys the most is playing or just chilling on the couch with her three dogs Ceecee, Ginger, and Rocky.