Days after being warned of a security weakness in its popular app, Snapchat became the target of a widespread cyberattack that affected millions of users, a black eye for a local start-up with sky-high hopes of becoming the next social media juggernaut.
A reported 4.6 million user names and phone numbers were exposed by the New Year's Eve breach. The hackers, who did not want to be identified, told The Times they went after Snapchat to expose the company's security flaws.
Such attacks have become all too common for companies, but for Snapchat, a photo-messaging app based on secrecy, they are especially damaging.
"The problem for Snapchat is kids seek it out because they think it's more secure," said Rob Enderle, principal analyst at technology advisory firm Enderle Group. "This goes against the brand. It makes them seem less secure when their advantage is supposed to be more security."
The hackers published the information on Snapchatdb.info, censoring the last two digits of users' phone numbers to minimize spam and abuse. But they hinted that they would be willing to release the full numbers "under certain circumstances."
When reached by phone, Snapchat co-founder and Chief Executive Evan Spiegel declined to comment.
The Venice company said in a blog post Thursday that "no other information, including snaps, was leaked or accessed in these attacks." Snapchat also said it would be releasing an updated version of the app and was implementing other restrictions "to address future attempts to abuse our service."
User names and phone numbers are not considered sensitive information, so security experts and tech analysts say the Snapchat hack isn't extremely serious.
The bigger problem, they said, is that Snapchat is now seen as vulnerable and thus a target for more severe breaches. A reputation of security problems could cause users to vacate the service, which would be devastating for the company.
The start-up has become a runaway hit with users, who use the app to send images to friends that disappear after a few seconds. Snapchat has become so popular — more than 400 million snaps are sent a day — that Facebook Inc. reportedly offered $3 billion to buy the company.
Snapchat executives turned down the offer, a sign that they thought the company was worth more.
"This kind of problem can scare away users," Enderle said. "Then the valuation plummets and the amount that someone is willing to pay also goes down. So they may find that their next big buyer is not there."
It was yet another high-profile cybersecurity compromise during the holiday season. A few weeks ago, Target Corp. disclosed a massive breach of financial data of 40 million customers, one of the nation's biggest retail cybercrimes on record.
Although the Snapchat hack was significantly less serious than Target's, which exposed credit and debit card information, affected Snapchat users — many of them teenagers — were alarmed that one of their favorite apps had put their personal information at risk.
After finding out about the hack, 15-year-old Brock Renshaw looked on a website that helps users check whether they were affected and discovered that his user name and phone number were exposed.
"I was a little scared," Brock said. "I don't want my phone number to be out there for anyone to take."
The Herrin, Ill., high school sophomore said he uses Snapchat every day to socialize with his friends and said he wished that the company would provide guidance on what affected users should do.
"I don't know if I should delete my Snapchat, make a new one or get a new phone number. I don't know," Brock said.
In an email to The Times, the hackers declined to identify themselves but said that more than one person was involved and that they were from North America and Europe.
"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed," they said. "It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does."
No comments:
Post a Comment