When something is too good to be true, it usually is and Snapchat may now be paying the price. For a few weeks, the social media app founders have not seriously addressed security companies who explained a security flaw. The flaw could access user information via the “Find Friends” feature and expose millions of users phone numbers and usernames. Snapchat took to their blog in later Dec. advising it was possible, but did not present any real solutions of prevention. Until now. Expect an updated app to be released with security safeguards for the “Find Friends” feature.
A group stepped forward to show exactly why Snapchat should regard the warnings more seriously. An anonymous group called Snapchat DB posted the usernames and the contact phone numbers of 4.6 million users. The group was not fully malicious, they did withhold the last two digits of the phone numbers. The group only had one goal: to wake Snapchat founders, Evan Spiegel and Bobby Murphy, up.
In August, Gibson Security rapped on Snapchat’s digital doors to warn of the weaknesses. Snapchat originally stated it did review the security vulnerabilities and advised users the review displayed a potential, but the app has safeguards in place. Those safeguards were not listed specifically. Now it seems Snapchat is finally going to address the issue more seriously.
In a blog post, the founders states they would update the app to allow users to have a choice to opt out of the the “Find Friends” feature. The feature does require a phone number, now users can skip opt out of that feature after confirmation of their number. Additionally, Snapchat states no pictures or videos were accessed. With over 4.6 million usernames exposed, that is a small comfort to those who wonder what may be the next flaw found and not addressed immediately.
Perhaps, seeing the intent possible, Snapchat will deliver a fundamentally sound platform for their users. Certainly, no platform is 100 percent secured, but bypassing an obvious flaw brought by reputable security companies, was inexcusable on Snapchat’s behalf. Address the issue and more importantly, an apology to their users would have been beneficial.
While Snapchat states they addressed Gibson’s inquiry to a flaw in August, SnapchatDB states they had very minor obstacles to overcome and expose the names and numbers of the millions of users. Social media is continually on the rise, especially with new apps that attract teenagers and young adults. Considering a majority of teens are accessing the photo and video sharing app, any additional security flaws may become frightening to parents.
Reviewing security measures with the family, including phones and apps accessed is detrimental. It is recommended not to expose personal details on social media such as phone numbers, addresses or pictures/videos one would not want to share with a public audience. Changing passwords should be a fabric of consistency for users – this is for all social media platforms. Maintaining the same password for email accounts, banking and social media makes individuals more vulnerable. Varying passwords with different complexity levels will help to slow security exposures. Consider usernames as well when creating them and consider the possibilities of who may see and access said usernames.
Even with numbers redacted, a savvy hacker will be willing to take time to figure them out. Consider any accounts (including banking and emails) associated with the listed phone numbers. Be aware of information disclosed while accessing social media apps. In addition, keep aware of information the social media platform is releasing. Snapchat stated on their blog post they will be releasing an updated version of Snapchat. Users would be wise to stay updated on their apps and opt out of information sharing, as much as possible.