Following a security breach that exposed the phone numbers of 4.6 million Snapchat users, Snapchat CEO Evan Spiegel initially tried to downplay the failure. But now the disappearing photo-sharing platform has released an update to improve its “Find Friends” feature. The update, for iOS and Android, allows users to opt out of linking their usernames to a phone number.
In addition to improving the problem feature, Snapchat issued a belated apology to users for its security failure.
“We are sorry,” Snapchat wrote in a blog post, finally, after being more emotionally withholding than a dad from a John Cheever story. Snapchat has plenty to apologize for: Not only did the company ignore warnings from a security organization called Gibson Security that this type of thing could happen months before it actually happened, but once these unheeded warnings gave way to a full-blown security crisis, Snapchat still failed to acknowledge the team that tried to help them. Moreover, vague promises of “improvements” don’t instill a lot of confidence that they’ve really plugged this hole.
There are convincing arguments to be made for deleting Snapchat, but I haven’t given up on the company’s potential. Snapchat impressed me with its decision to hire researcher Nathan Jurgenson, whose explorations of the idea of ephemeral technology are remarkable. Snapchat’s founders are young, fratty, and mistake-prone, but I think they are genuinely invested in building a platform for communication that will make people happy. It’s unfortunate that the exposure of the “Find Friends” exploit also exposed the company’s too-lax approach to security.
Actually saying sorry was the right thing to do, even if it was a subdued and overdue mea culpa. It wasn’t enough, though. Snapchat would do well to make some additional security hires, and to acknowledge the work of Gibson Security, and to give customers a more detailed explanation as to how it fixed the Find Friends issue. Saying there have been “improvements” and then offering an opt-out is a terrible way to inspire confidence. It almost makes me think this apology is a PR move, along with hiring a lobbyist, to keep the Federal Trade Commission from fining the company for its security failure.
I believe that Snapchat genuinely wants to be a different type of social media company, but in its brush-off of the hackers pointing out flaws in the system, it’s repeating the same mistakes Facebook has and showing itself to be no better (and maybe even worse) than its predecessors.
Photo via butupa/Flickr