Snapchat Vulnerability Exposed

Now you see it… and then maybe…

Snapchat, another messaging service that is supposed to delete content once it has been sent, recently suffered a “breach” of sorts. No sensitive information was released, but security researchers who wanted to “expose” the vulnerabilities in the service gained access to data, posted user names and phone numbers on a site called SnapchatDB.info, and made the data available for download.

The security researchers stated on this website: “This database contains username and phone number pairs of a vast majority of the Snapchat users. This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue. The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.”

They also cautioned that they redacted part of the info: “For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.”

Snapchat reportedly is going to update its applications to secure the data; from their website:

“We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.”

http://blog.snapchat.com/post/72013106599/find-friends-abuse

Security experts have been concerned about the false sense of security that some of these messaging services give their users.

See NYT blog for more info:

http://bits.blogs.nytimes.com/2014/01/02/snapchat-breach-exposes-weak-security/

UPDATE:

Snapchat reports customer complaints about an increase in spam but denies that the activity is related to the “Find Friends” breach.

http://blog.snapchat.com/post/73216178814/snap-spam-update

UPDATE:

–Snapchat settled with the FTC – May 8, 2014–

From the FTC’s press release:

According to the FTC’s complaint, Snapchat made multiple misrepresentations to consumers about its product that stood in stark contrast to how the app actually worked.

“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises,” said FTC Chairwoman Edith Ramirez.  “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”

Under the terms of its settlement with the FTC, Snapchat will be prohibited from misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information.  In addition, the company will be required to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years.

The settlement appears to require corrective and compliance actions but no monetary payment.

Read more: http://www.digitaltrends.com/mobile/your-incriminating-selfies-on-snapchat-werent-deleted/#ixzz31WFRFzn6

See also, critique of Snapchat –

http://www.informationweek.com/software/social/5-ways-snapchat-violated-your-privacy-security/d/d-id/1251175
