Snapchat’s bad security shows how data use policies fail

Your most frequent chat partners are public information on Snapchat, an otherwise fleeting message service.

In their privacy policies and terms of use, the companies that handle our data make plenty of promises about all of the third-party evils they will protect our data from. (Well—the good ones do; the bad ones basically tell you just how they’ll share your data with anyone, so long as there’s money in it.) But those policies contain few limits on what the companies themselves can do with our info or how they will secure it.

Case in point: the messaging app Snapchat gives itself access to users’ phone numbers and usernames, standard for any messaging service. After ignoring months of warnings from Gibson Security that it was possible to tie together usernames and real phone numbers with incessant queries of the service’s Find My Friends feature, the security collective dumped the code to its site. Snapchat took a few days to even acknowledge the problem, and even after hackers created a database with 4.6 million names and phone numbers, the company is still hesitating to apologize or offer its user base reassurance.

Security researcher Chris Soghoian said that a lawsuit against the company for this oversight is extremely likely. Snapchat had the information, and hackers had the opportunity. The damage has been done.

Read 14 remaining paragraphs | Comments

via Ars Technica


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s