90.9 WBUR - Boston's NPR news station
Top Stories:
PLEDGE NOW
Here and Now with Robin Young
Public radio's live
midday news program
With sponsorship from
Mathworks - Accelerating the pace of engineering and science
Accelerating the pace
of engineering and science
Friday, January 3, 2014

Snapchat Warned Before Hack About Vulnerability

Snapchat, the photo messaging service, says it plans to offer a more secure version of its application.

This comes after a security breach in which hackers published the names and phone numbers of 4.6 million users online.

Snapchat CEO Evan Spiegel poses for photos in Los Angeles, Oct. 24, 2013. (Jae C. Hong/AP)

Snapchat CEO Evan Spiegel poses for photos in Los Angeles, Oct. 24, 2013. (Jae C. Hong/AP)

Gibson Security, an Australian security firm conducted a thorough review of Snapchat and warned the company the security vulnerability prior to the breach.

Snapchat posted a statement on its website explaining the breach that reads in part:

When we first built Snapchat, we had a difficult time finding other friends that were using the service. We wanted a way to find friends in our address book that were also using Snapchat – so we created Find Friends. Find Friends is an optional service that asks Snapchatters to enter their phone number so that their friends can find their username. This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username.

A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.

Marty Schenker, the executive editor of Bloomberg News, joins Here & Now’Meghna Chakrabarti to discuss Snapchat’s response to the security breach.

Guest

  • Marty Schenker, executive editor of Top News for Bloomberg. He tweets @mschenker.

Transcript

MEGHNA CHAKRABARTI, HOST:

From NPR and WBUR Boston, I'm Meghna Chakrabarti. This is HERE AND NOW.

Snapchat, that popular instant photo smartphone app with the ghost icon - if you don't know it, ask a teenager in your life - well, it's supposed to be a leading app in what could be called the new invisible Internet, because your snaps disappear after a few seconds. But as you probably heard, Snapchat became the latest victim of cyber attacks. Hackers collected and then published user names and phone numbers of some 4.6 million Snapchat users. Snapchat has issued as statement saying, it will release a new version of the app. But does that make any difference?

Marty Schenker is executive editor for news at Bloomberg News, and he's with us now to discuss. Hi there, Marty.

MARTY SCHENKER: Hi.

CHAKRABARTI: So first of all, let me ask you, are you a Snapchat user?

SCHENKER: No, but I am sometimes a recipient of some Snapchats.

(LAUGHTER)

CHAKRABARTI: OK. Great. So maybe not in that one. 12 to 16 demo that surprised amongst the app developers. But first of all, I understand that all this began back on Christmas Day with a warning that Snapchat received. How did the eventual cyber attack happened?

SCHENKER: Well, a self-appointed Web policer of securities had put out a - called Gibson Security - and told Snapchat, look, the way you have set up this Fine Friends feature that they implemented was subject to abuse. And you should really do something about it.

CHAKRABARTI: And then someone actually ahead and did that, right(ph)?

SCHENKER: Well, the response from Snapchat was rather vague. They basically came back and said, this whole notion of hacking our website is theoretical, which is like waving a red flag. And hackers went in and showed them, here's what we can do.

CHAKRABARTI: OK. So that's how what was supposed to be invisible became visible. And now, I see Snapchat has released a statement, announcing that they will release an updated version of their application - of their app, which will allow people to opt out of that Fine Friends feature. But I wonder - I mean, for Snapchat users, isn't that part of the glory of the app, is that it's actually easier to find folks to send snaps to with the feature on?

SCHENKER: Absolutely. They're caught in somewhat between a rock and a hard place. They do need to protect user security. And, in fact, none of those Snapchat photos themselves were put up on the Web. It was just user names and phone numbers. But they are going to have to figure out a way to allow for the social media experience of sharing invisible photographs and still protect their users' privacy.

CHAKRABARTI: Yeah, I know.

SCHENKER: It's not going to be easy.

CHAKRABARTI: Not going to be easy. You know, keen listeners will remember that it wasn't that long ago that Facebook offered Snapchat some $3 billion in cash to buy the company. And Snapchat said, no. It's a hot commodity, in part because it is still popular, especially amongst teens. Some 400 million snaps sent each day. What do you think this security breach might mean for the company's reputation?

SCHENKER: Well, it - in terms of their business model, it'll probably doesn't mean a lot. You can see on the Web right now, a lot of people are just calling this, you know, inexperience. And they're a young company. They've not yet gone public. And they need to figure out their response. And young people tend to basically shrug these things off. While expressing exasperation, they continue to use Snapchat.

CHAKRABARTI: You know, Marty, what's interesting is that, obviously, in the past several weeks and months, Snapchat isn't the only company that's had a major security breach. Just two days ago, on the first of the year, Skype's Twitter account was hacked into reportedly by the Syrian Electronic Army. And, of course, the retail giant Target victim of a massive cyber attack, where some 40 million customer debit and credit card numbers were stolen over a two-week period after Thanksgiving. How much do these cyber attacks actually cost the companies who were victims of them?

SCHENKER: Well, I don't know that anybody has really computed the number. But what is true, that companies that protect other companies for this are just surging in the stock market. So there's value there.

CHAKRABARTI: Marty Schenker, Bloomberg's executive editor for news. Thank you as always, Marty.

SCHENKER: You're welcome. Thanks.

CHAKRABARTI: You're listening to HERE AND NOW. Transcript provided by NPR, Copyright NPR.


Please follow our community rules when engaging in comment discussion on this site.
Robin and Jeremy

Robin Young and Jeremy Hobson host Here & Now, a live two-hour production of NPR and WBUR Boston.

November 27 Comment

Poet David Roderick Explores What It Means to Be American

Award-winning poet David Roderick joins us on this Thanksgiving to discuss his second book, "The Americans."

November 27 Comment

Mother Of Released Hostage Theo Padnos Speaks Out

Nancy Curtis discusses her son's capture and the behind-the-scenes negotiations that led to his release in August.

November 26 2 Comments

UC President Janet Napolitano Says Tuition Must Rise

Napolitano defends the planned tuition increases, which some students and lawmakers say are too steep.

November 26 19 Comments

National Bar Association Critical Of Ferguson Grand Jury Process

St. Louis attorney Pamela Meanes, who is president of the association, explains her concerns with how the D.A. handled the process.