Snapchat, the popular mobile photo-sharing service, suffered a major information security data breach that involved millions of its users. When the company was initially approached for information, management provided none.

The Corporate Apology

On Thursday, January 9, 2014, over a week after the initial cyber security attack, Snapchat finally apologized for the security breach involving user data that contained usernames, partially redacted mobile phone numbers, and personal data that was made public on the Web.
 
The apology took the form of a blog post on the company website by ‘Team Snapchat’, who promised that the company is continuing to explore ways to improve service in an effort to tighten up future cyber security issues.
The sign-off from the unidentified ‘Team Snapchat’ spokesperson includes the following statement: 
 
“We are sorry for any problems this issue may have caused you and we really appreciate your patience and support.
Love,
Team Snapchat"
 

Updates for App Settings

An update was issued for Snapchat Android and iOS app settings to improve the functionality of the Find Friends feature. With the new settings, Snapchatters can skip linking their mobile phones with their personal user info.
Negative Public Relations
The company came under heavy criticism immediately following the cyber security breach on several counts, the first being an insensitive lack of response or show of concern for Snapchatters whose private information was compromised.
 
To make matters worse, when CEO Even Spiegel was booked on NBC’s Today show, there was no mention of the breach and no offer of apology for the incident.
Did Snapchat Know This Could Happen?
 
The question is, could this have been avoided if only someone at the company had explored the security warning from last year that pointed out the security vulnerabilities of the app? Gibson Security, a group of three security researchers from Australia, discovered that by reverse engineering the Snapchat API, they could communicate with Snapchat’s servers and easily accesses personal user information. 
 
Gibson Security posted this finding last August, with little response from Snapchat other than a posting labeling the ability to reverse engineer the API as being “theoretical” in nature. It’s hard to say whether Snapchat took the warning from Gibson seriously and was trying to correct the problem, or whether they truly just dismissed it out of hand. One thing is for sure though; Snapchat was breached, and now has to suffer the consequences. This breach comes on the heels of numerous others with certainly more to come.
 
New Call-to-action
Jacqueline von Ogden
Post by Jacqueline von Ogden
January 14, 2014
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".

About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real-time