It took them a couple of days, but Snapchat has finally responded to the hack that resulted in the user info and phone numbers of 4.7 users being exposed. They posted a entry on their blog late yesterday that among other things had this to say:
A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.
We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.
We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.
And to deal with the perception that Snapchat didn’t take what the security researchers said seriously, there’s this:
We want to make sure that security experts can get ahold of us when they discover new ways to abuse our service so that we can respond quickly to address those concerns. The best way to let us know about security vulnerabilities is by emailing us: security@snapchat.com.
However if you read through this post, the company never actually says the word sorry. They just say that there was a problem, they’re going to fix it, and if you find something here’s how you contact them. There’s nothing here that should make users feel any safer about using Snapchat. That is a #fail as user information and phone numbers were exposed. Sure the phone numbers were partially redacted. But I bet that if someone tries hard enough, they can make use of that info for evil purposes. Thus the company needs to step up and own that. Snapchat also needs to give their users the feeling that they take their privacy seriously and show some remorse over this hack.
We’ll see if Snapchat actually does that, or do they duck, cover, and hope this blows over.
Like this:
Like Loading...
Related
This entry was posted on January 3, 2014 at 9:08 am and is filed under Commentary with tags hack, Snapchat. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Snapchat Responds To Hack & Fails To Make Anyone Feel Better
It took them a couple of days, but Snapchat has finally responded to the hack that resulted in the user info and phone numbers of 4.7 users being exposed. They posted a entry on their blog late yesterday that among other things had this to say:
A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.
We acknowledged in a blog post last Friday that it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.
We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.
And to deal with the perception that Snapchat didn’t take what the security researchers said seriously, there’s this:
We want to make sure that security experts can get ahold of us when they discover new ways to abuse our service so that we can respond quickly to address those concerns. The best way to let us know about security vulnerabilities is by emailing us: security@snapchat.com.
However if you read through this post, the company never actually says the word sorry. They just say that there was a problem, they’re going to fix it, and if you find something here’s how you contact them. There’s nothing here that should make users feel any safer about using Snapchat. That is a #fail as user information and phone numbers were exposed. Sure the phone numbers were partially redacted. But I bet that if someone tries hard enough, they can make use of that info for evil purposes. Thus the company needs to step up and own that. Snapchat also needs to give their users the feeling that they take their privacy seriously and show some remorse over this hack.
We’ll see if Snapchat actually does that, or do they duck, cover, and hope this blows over.
Share this:
Like this:
Related
This entry was posted on January 3, 2014 at 9:08 am and is filed under Commentary with tags hack, Snapchat. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.