Snapchat confirms 4.6M leak, but isn’t sorry
Snapchat has belatedly acknowledged the leak of some 4.6 million usernames and telephone numbers earlier this week in an official blog post.
In its post, Snapchat stated that Gibson Security published a report back in August 2013 warning of the risk of potential ‘Find Friends’ abuse, and that it responded with rate limiting aimed at addressing these concerns. Gibson Security was the same security firm that later published Snapchat’s API weakness on Christmas Eve, which the company dismissed at the time.
Funny thing is, Snapchat blames Gibson Security’s report for the massive breach, saying that its exposure of the API vulnerability “made it easier for individuals to abuse our service and violate our Terms of Use.”
Noticeably, not once did Snapchat apologize to its users for the breach. In fact, it didn’t seem to express any remorse, nor admit any guilt at all about the fact that so many of its users were hacked and had their personal information posted online.
It did, at least, promise to improve both the service and app in the coming weeks:
“We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in ‘Find Friends’ after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service,” Snapchat wrote.
Snapchat didn’t bother to get in touch with Gibson Security after the security report was released, and that’s why it’s come in for so much criticism over the breach. Had it done so, the hack could well have been avoided. Instead, all Snapchat did was post its email address, security@snapchat.com, so security researchers could contact the company if they find any other security flaws in the app.
The people behind the data leak, SnapchatDB, stated that they published the data to raise public awareness around security issues, and to put pressure on Snapchat to fix the exploit.
This has almost been like a lesson in public humility, since Snapchat blatantly chose to ignore Gibson Security’s warning, and it immediately paid the price for doing so.