Here and Now with Robin Young and Jeremy Hobson
Public radio's live
midday news program
With sponsorship from
Mathworks - Accelerating the pace of engineering and science
Accelerating the pace
of engineering and science
Friday, January 3, 2014

Snapchat Warned Before Hack About Vulnerability

Snapchat, the photo messaging service, says it plans to offer a more secure version of its application.

This comes after a security breach in which hackers published the names and phone numbers of 4.6 million users online.

Snapchat CEO Evan Spiegel poses for photos in Los Angeles, Oct. 24, 2013. (Jae C. Hong/AP)

Snapchat CEO Evan Spiegel poses for photos in Los Angeles, Oct. 24, 2013. (Jae C. Hong/AP)

Gibson Security, an Australian security firm conducted a thorough review of Snapchat and warned the company the security vulnerability prior to the breach.

Snapchat posted a statement on its website explaining the breach that reads in part:

When we first built Snapchat, we had a difficult time finding other friends that were using the service. We wanted a way to find friends in our address book that were also using Snapchat – so we created Find Friends. Find Friends is an optional service that asks Snapchatters to enter their phone number so that their friends can find their username. This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username.

A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.

Marty Schenker, the executive editor of Bloomberg News, joins Here & Now’Meghna Chakrabarti to discuss Snapchat’s response to the security breach.


  • Marty Schenker, executive editor of Top News for Bloomberg. He tweets @mschenker.



From NPR and WBUR Boston, I'm Meghna Chakrabarti. This is HERE AND NOW.

Snapchat, that popular instant photo smartphone app with the ghost icon - if you don't know it, ask a teenager in your life - well, it's supposed to be a leading app in what could be called the new invisible Internet, because your snaps disappear after a few seconds. But as you probably heard, Snapchat became the latest victim of cyber attacks. Hackers collected and then published user names and phone numbers of some 4.6 million Snapchat users. Snapchat has issued as statement saying, it will release a new version of the app. But does that make any difference?

Marty Schenker is executive editor for news at Bloomberg News, and he's with us now to discuss. Hi there, Marty.


CHAKRABARTI: So first of all, let me ask you, are you a Snapchat user?

SCHENKER: No, but I am sometimes a recipient of some Snapchats.


CHAKRABARTI: OK. Great. So maybe not in that one. 12 to 16 demo that surprised amongst the app developers. But first of all, I understand that all this began back on Christmas Day with a warning that Snapchat received. How did the eventual cyber attack happened?

SCHENKER: Well, a self-appointed Web policer of securities had put out a - called Gibson Security - and told Snapchat, look, the way you have set up this Fine Friends feature that they implemented was subject to abuse. And you should really do something about it.

CHAKRABARTI: And then someone actually ahead and did that, right(ph)?

SCHENKER: Well, the response from Snapchat was rather vague. They basically came back and said, this whole notion of hacking our website is theoretical, which is like waving a red flag. And hackers went in and showed them, here's what we can do.

CHAKRABARTI: OK. So that's how what was supposed to be invisible became visible. And now, I see Snapchat has released a statement, announcing that they will release an updated version of their application - of their app, which will allow people to opt out of that Fine Friends feature. But I wonder - I mean, for Snapchat users, isn't that part of the glory of the app, is that it's actually easier to find folks to send snaps to with the feature on?

SCHENKER: Absolutely. They're caught in somewhat between a rock and a hard place. They do need to protect user security. And, in fact, none of those Snapchat photos themselves were put up on the Web. It was just user names and phone numbers. But they are going to have to figure out a way to allow for the social media experience of sharing invisible photographs and still protect their users' privacy.

CHAKRABARTI: Yeah, I know.

SCHENKER: It's not going to be easy.

CHAKRABARTI: Not going to be easy. You know, keen listeners will remember that it wasn't that long ago that Facebook offered Snapchat some $3 billion in cash to buy the company. And Snapchat said, no. It's a hot commodity, in part because it is still popular, especially amongst teens. Some 400 million snaps sent each day. What do you think this security breach might mean for the company's reputation?

SCHENKER: Well, it - in terms of their business model, it'll probably doesn't mean a lot. You can see on the Web right now, a lot of people are just calling this, you know, inexperience. And they're a young company. They've not yet gone public. And they need to figure out their response. And young people tend to basically shrug these things off. While expressing exasperation, they continue to use Snapchat.

CHAKRABARTI: You know, Marty, what's interesting is that, obviously, in the past several weeks and months, Snapchat isn't the only company that's had a major security breach. Just two days ago, on the first of the year, Skype's Twitter account was hacked into reportedly by the Syrian Electronic Army. And, of course, the retail giant Target victim of a massive cyber attack, where some 40 million customer debit and credit card numbers were stolen over a two-week period after Thanksgiving. How much do these cyber attacks actually cost the companies who were victims of them?

SCHENKER: Well, I don't know that anybody has really computed the number. But what is true, that companies that protect other companies for this are just surging in the stock market. So there's value there.

CHAKRABARTI: Marty Schenker, Bloomberg's executive editor for news. Thank you as always, Marty.

SCHENKER: You're welcome. Thanks.

CHAKRABARTI: You're listening to HERE AND NOW. Transcript provided by NPR, Copyright NPR.

Please follow our community rules when engaging in comment discussion on this site.
Robin and Jeremy

Robin Young and Jeremy Hobson host Here & Now, a live two-hour production of NPR and WBUR Boston.

August 26 5 Comments

Virginia TV Reporter, Cameraman Killed On Air

Franklin County Sheriff Bill Overton says the suspect in the shooting has died of a self-inflicted gunshot wound.

August 26 12 Comments

A Recipe For Longevity? Beans, Friends, Purpose And Movement

For nearly a decade, Dan Buettner has researched the places people live longest, healthiest and happiest.

August 25 Comment

Recipes To Celebrate National Sandwich Month

From an end-of-summer tomato tartine to an Italian grilled vegetable sandwich, our resident chef shares her favorites.

August 25 3 Comments

Jimmy Carter’s Fight To Eradicate The Guinea Worm

The former president and founder of The Carter Center said he wants the last guinea worm to die before he does.