Snapchat on Thursday finally apologized for last month’s data breach. A website dubbed “SnapchatDB.info,” which went live on New Year’s Eve, published the user names and phone numbers of 4.6 million Snapchat accounts.
The breach was discovered by Gibson Security, which explained in an online post how the Snapchat service could be hacked.
The company has updated its Android and iOS apps, and it now allows users to opt out of the Find Friends functionality that harvested the leaked data, it said in a blog post.
Snapchat will continue to make improvements to prevent future attempts to abuse its API, it added.
“We are sorry for any problems this issue may have caused you and we really appreciate your patience and support,” it said. “Love, Team Snapchat.”
Snapchat was less conciliatory in the immediate aftermath of the data breach. CEO Evan Spiegel previously maintained the company had done enough to remedy the problem, which he blamed on abuse of the API, in an interview on NBC’s Today.
Target for Hackers
Snapchat differentiates itself by letting users share photos, videos, text and drawings that disappear within 1-10 seconds. The company’s security woes are unlikely to vanish as easily.
“Services like Snapchat have been primary targets for hackers for a long time — but when a CEO says that there isn’t an issue, and essentially dares hackers to try and grab user info, well, it’s like saying bring it on to Mike Tyson,” said Josh Crandall, principal analyst at Netpop Research.
“They heard the challenge, they came, they hacked, and they succeeded. You’d think that savvy digital entrepreneurs would get it, but Snapchat’s team obviously didn’t in this case,” he told the E-Commerce Times.
“A company that bases its value proposition on the anonymity of its customers needs to take special measures to ensure that anonymity isn’t compromised,” said Paul Gillin, principal analyst at Paul Gillin Communications.
“Will people ever trust the service again? Probably, if there is no recurrence,” he told the E-Commerce Times.
“Many companies have had their customer databases compromised and have survived the fallout,” Gillin added. “However, Snapchat is off to a very bad start from a reputation perspective. I hope the young founders will bring in some adult supervision to help anticipate and respond to future crises.”
Snapchat’s About Face(book)
Security isn’t Snapchat’s only problem. This latest debacle follows a legal brouhaha with ousted Snapchat cofounder Frank Reginald Brown, who claims he came up with the idea for disappearing content. Snapchat sought a temporary restraining order to prevent him from publicly discussing the case.
The company made headlines in November when news broke that it had turned down Facebook’s US$3 billion all-cash acquisition offer. The rejection reportedly was due to competing interests from other investors and potential suitors, including China’s Tencent Holdings.
“Snapchat was foolish not to take the $3 and $4 billion offers,” Greg Sterling, principal analyst at Sterling Market Research, told the E-Commerce Times.
“The belated apology and earlier indifference is an example of immature management and some degree of insensitivity to users,” he pointed out.
“It’s extremely unlikely that Snapchat will go public,” Sterling continued. “Thus it will likely be acquired. The question is whether the company can maintain its growth and momentum and convince someone to pay $5 billion or more for its user base. It probably has to accomplish this within the next 12 to 24 months at the outside.”
Based on Principle
Why did the company spurn Facebook’s cash and other offers? Perhaps there was concern that like a handful of other hot startups, making a deal too soon would result in receiving less than its potential full value. On the surface, though, Snapchat’s decision was lofty.
“Snapchat’s refusal of Facebook’s $3 billion offer seems to have been based on principle — that FB doesn’t respect users’ privacy,” said Crandall. “If that’s the case, one wonders even more about why senior management challenged the hacker community. So much for bravado.”
Snapchat might be able to move past these early missteps and regain user trust if it can ensure users that the service is safe. Otherwise, the company’s value could be very much in question.
“It’s doubtful that this latest breach will have an immediate impact on use of the service, but it’s another reminder to users that privacy is hard to ensure on the Web,” noted Crandall.
“User loyalty and trust in social sites over time is more of an issue,” he said.
“Some Snapchat users who are concerned about the repercussions of data leaks will think twice about what they are sharing on the service,” Crandall pointed out. “Social is here to stay, but the big question is, which social services will step up to protect their users from embarrassing breaches of privacy?”