Snapchat is an app that helps users connect by allowing them to send pictures which will quickly disappear after sending. However, on New Year’s Day, they shared a lot more than they wanted to when their databases were hacked and information of 4.6 million users was leaked.
This information included the phone number of these users, which in itself would be difficult to use for identity theft. However, any security breach needs to be looked at carefully because it means that there are flaws in the in the security of the breached entities. In addition, criminals could use social engineering scams coupled with this personal information, to commit identity theft.
This is not an isolated incident. Recent reports cite that 100% of top 100 paid android apps have been hacked. For consumers that believe this issue doesn’t pertain to them because they have an iPhone, be aware that 56% of the Apple iOS top 100 paid apps have been hacked. This issue merits attention from all app users because according to these statics , there is a 78% chance of app users having an interaction with an app that has been hacked.
The case with Snapchat is interesting for a few reasons. One is that the hackers admitted to the hack immediately and stated that they had only performed the task to force Snapchat to fix the security flaw that they had pointed out to the company previously. Second is that initially the company did not apologize for the breach, but instead chose to explain to consumers how it happened. I think most people, who like me do not have a degree in Information Security, would be more concerned with preventing future breaches, rather than with how it happened.
That being said, the company did finally come out a week after the security breach and apologize for it. In that communication Snapchat also stated they had new security measures to in place to prevent future security lapses. Users can now also opt-out of having their phone number linked to their account. Giving your phone number to the application to use was always optional, but, like many applications, providing your phone number helped users connect with people in their phone book. This is yet another example of convenience vs security. It is very convenient to be able to find your friend on an application by handing over personal information, but your security is then at risk because you no longer have complete control over how your information is protected.
In the end, there is a lesson to be learned from the Snapchat hack which is that consumers need to understand the risks of mobile apps before agreeing to use them. The best way to avoid such problems is to read and understand the permissions required for use , and that that any information you provide to them is absolutely necessary for the application to work. Otherwise you’ve given over control of your information.
“Why You Should Care About the Snapchat Hack” was written by Nikki Junker. Nikki is the Media Manager at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.