2 mins to read

SnapChat admits it has a security problems - but doesn't say sorry

NBR Staff
Sat, 04 Jan 2014

After two days of controversy, photo messaging service Snapchat has admitted it has a security problem, but refused to say sorry.

The super-hot app lets people send photos or videos that disappear between one and 10 seconds after being viewed (although savvy recipients know they can take a screen shot of an embarrassing pic, then save it to their device). 

Today, Snapchat acknowledged that on New Year's Eve, a hacker published a list of Snapchat usernames matched to phone numbers (the hacker voluntarily blanked out the last two digits of each phone number) - and that a flaw it its "Find Friends" feature allowed someone to upload phone numbers en masse then match them to user names.

It says it will release an updated version of its app that allows people to opt-out of Find Friends.

Snapchat has also emphasised that it does not store snaps on its serves after they have been opened - but notes that by necessity it has to store snaps (using a Google cloud service) until a member does open the photo or video. Snaps are stored for 30 days if not opened.

A post by Snapchat trust & safety officer Micah Schaffer says , "Since May 2013, about a dozen of the search warrants we’ve received have resulted in us producing unopened Snaps to law enforcement. That’s out of 350 million Snaps sent every day.

"Law enforcement requests sometimes require us to preserve Snaps for a time, like when law enforcement is determining whether to issue a search warrant for Snaps.

"Only two people in the company currently have access to the tool used for manually retrieving unopened Snaps, our co-founder and CTO, Bobby Murphy (who coded it), and me."

The New Year's Eve publication of Snapchat user names followed a warning from anonymous Australian hacker goup Gibson Security that Snapchat was insecure. Gibson claims it warned Snapchat about the vulnerability in August but was ignored; it subsequently published Snapchat's private API (application programming interface) online.

On November 14, 2013, The Wall Street Journal reported that Snapchat spurned cash offer from Facebook of $US3 billion to acquire the company. Analysts speculate the current controversy could harm Snapchat's private equity value.

NBR Staff
Sat, 04 Jan 2014
© All content copyright NBR. Do not reproduce in any form without permission, even if you have a paid subscription.
SnapChat admits it has a security problems - but doesn't say sorry