- Network of fake news sites in Michigan appears to be right-wing propaganda effort Today 6:30 AM
- ‘BoJack Horseman’ hints at a brutal reckoning in its final season Today 5:30 AM
- How to stream Barcelona vs. Slavia Praha in the Champions League Today 2:00 AM
- How to stream Chelsea vs. Ajax in the Champions League Today 1:00 AM
- People are using #WheresLindsey to criticize Graham over Trump ‘lynching’ defense Tuesday 8:22 PM
- 2 Proud Boys sentenced to 4 years in prison for attacking antifa protesters Tuesday 7:20 PM
- Paul Joseph Watson is very upset by bartender serving beer with her butt Tuesday 6:24 PM
- Twitter developing a policy to combat deepfakes Tuesday 5:28 PM
- The Nate Diaz vs. Jorge Masvidal bout at UFC 244 is perfect for NYC and its fight mecca Tuesday 5:27 PM
- Alexis Bledel named most dangerous online celebrity Tuesday 5:02 PM
- Kylie Jenner trademarks ‘rise and shine’ after meme success Tuesday 4:50 PM
- ‘Watchmen’ website expands what you know about its alt-history Tuesday 4:31 PM
- Smoke ’em, pass ’em Week 8: Mark Walton szn Tuesday 4:26 PM
- Venmo’s first-ever credit card to launch in 2020 Tuesday 3:46 PM
- Wet Kylo Ren may turn everyone to the dark side Tuesday 3:15 PM
Snapchat finally responds to recent privacy hacks
They should probably hire some of these people hacking the crap out of them.
Snapchat’s inner circle probably had a rougher New Year’s hangover than most, seeing as 4.6 million accounts were compromised on January 1. The security breach happened after an Australian hacking collective called Gibson Security published a detailed account of a gap in Snapchat’s security system. Gibson Security called this the “Find Friends exploit” since it could potentially unveil Snapchat user phone numbers using the Find Friends feature. Snapchat published a blog post addressing the exploit, but didn’t boost security enough to prevent the actual information hack, which was carried out by an anonymous group running a website called SnapchatDB.
Snapchat acknowledged Gibson Security’s efforts (but didn’t bother to name the group) in another blog post today, and provided a dedicated email address for security issues, which is a start.
Too bad Gibson Security is still the organization that has actually done something to help people who have been hacked in this instance, creating a database that allows people to look up whether their accounts get hacked. I checked mine and was clear, but you might not be so lucky. And while Snapchat is doing the right thing by responding to this hack and taking measures to diminish chances of abuse, the company should’ve linked to the Gibson Security tool if it truly wanted to be considerate to its fans. Additionally, the wording of the blog post makes it sound like this problem isn’t going to be totally fixed.
Look at the improvements Snapchat says it’s going to make:
“We will be releasing an updated version of the Snapchat application that will allow Snapchatters to opt out of appearing in Find Friends after they have verified their phone number. We’re also improving rate limiting and other restrictions to address future attempts to abuse our service.”
OK, the second part sounds good, albeit incredibly vague to the point of meaninglessness. As for the first part, an opt-out option is always appreciated, but it’s weird that Snapchat never mentions fixing this specific vulnerability. It’s almost as if Snapchat, I don’t know, didn’t completely fix it.
Snapchat is a young company and it’s going to have security breaches. All major social networks do. It’s not so troubling that Snapchat messed up and left a gap in security; that was bound to happen. It is troubling that the platform seems so cavalier in its response.
Gibson Security released its own blog post responding to Snapchat’s lukewarm mea culpa, also pointing out that Snapchat never explained if the exploit was fixed. Gibson Security is rightly annoyed at Snapchat’s cold treatment, and next time an exploit is uncovered it may not be uncovered by hackers with good intentions.
Photo via Alexandre Dulaunoy/Flickr
Kate Knibbs is a notable tech reporter and pop culture essayist. A former staff writer for the Daily Dot, her work has appeared in Gizmodo, the Ringer, AV Club, Digital Trends, Popular Mechanics, and Time.