90.9 WBUR - Boston's NPR news station
Top Stories:
Here and Now with Robin Young and Jeremy Hobson
Public radio's live
midday news program
With sponsorship from
Mathworks - Accelerating the pace of engineering and science
Accelerating the pace
of engineering and science
Friday, January 3, 2014

Snapchat Warned Before Hack About Vulnerability

Snapchat, the photo messaging service, says it plans to offer a more secure version of its application.

This comes after a security breach in which hackers published the names and phone numbers of 4.6 million users online.

Snapchat CEO Evan Spiegel poses for photos in Los Angeles, Oct. 24, 2013. (Jae C. Hong/AP)

Snapchat CEO Evan Spiegel poses for photos in Los Angeles, Oct. 24, 2013. (Jae C. Hong/AP)

Gibson Security, an Australian security firm conducted a thorough review of Snapchat and warned the company the security vulnerability prior to the breach.

Snapchat posted a statement on its website explaining the breach that reads in part:

When we first built Snapchat, we had a difficult time finding other friends that were using the service. We wanted a way to find friends in our address book that were also using Snapchat – so we created Find Friends. Find Friends is an optional service that asks Snapchatters to enter their phone number so that their friends can find their username. This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username.

A security group first published a report about potential Find Friends abuse in August 2013. Shortly thereafter, we implemented practices like rate limiting aimed at addressing these concerns. On Christmas Eve, that same group publicly documented our API, making it easier for individuals to abuse our service and violate our Terms of Use.

Marty Schenker, the executive editor of Bloomberg News, joins Here & Now’Meghna Chakrabarti to discuss Snapchat’s response to the security breach.


  • Marty Schenker, executive editor of Top News for Bloomberg. He tweets @mschenker.



From NPR and WBUR Boston, I'm Meghna Chakrabarti. This is HERE AND NOW.

Snapchat, that popular instant photo smartphone app with the ghost icon - if you don't know it, ask a teenager in your life - well, it's supposed to be a leading app in what could be called the new invisible Internet, because your snaps disappear after a few seconds. But as you probably heard, Snapchat became the latest victim of cyber attacks. Hackers collected and then published user names and phone numbers of some 4.6 million Snapchat users. Snapchat has issued as statement saying, it will release a new version of the app. But does that make any difference?

Marty Schenker is executive editor for news at Bloomberg News, and he's with us now to discuss. Hi there, Marty.


CHAKRABARTI: So first of all, let me ask you, are you a Snapchat user?

SCHENKER: No, but I am sometimes a recipient of some Snapchats.


CHAKRABARTI: OK. Great. So maybe not in that one. 12 to 16 demo that surprised amongst the app developers. But first of all, I understand that all this began back on Christmas Day with a warning that Snapchat received. How did the eventual cyber attack happened?

SCHENKER: Well, a self-appointed Web policer of securities had put out a - called Gibson Security - and told Snapchat, look, the way you have set up this Fine Friends feature that they implemented was subject to abuse. And you should really do something about it.

CHAKRABARTI: And then someone actually ahead and did that, right(ph)?

SCHENKER: Well, the response from Snapchat was rather vague. They basically came back and said, this whole notion of hacking our website is theoretical, which is like waving a red flag. And hackers went in and showed them, here's what we can do.

CHAKRABARTI: OK. So that's how what was supposed to be invisible became visible. And now, I see Snapchat has released a statement, announcing that they will release an updated version of their application - of their app, which will allow people to opt out of that Fine Friends feature. But I wonder - I mean, for Snapchat users, isn't that part of the glory of the app, is that it's actually easier to find folks to send snaps to with the feature on?

SCHENKER: Absolutely. They're caught in somewhat between a rock and a hard place. They do need to protect user security. And, in fact, none of those Snapchat photos themselves were put up on the Web. It was just user names and phone numbers. But they are going to have to figure out a way to allow for the social media experience of sharing invisible photographs and still protect their users' privacy.

CHAKRABARTI: Yeah, I know.

SCHENKER: It's not going to be easy.

CHAKRABARTI: Not going to be easy. You know, keen listeners will remember that it wasn't that long ago that Facebook offered Snapchat some $3 billion in cash to buy the company. And Snapchat said, no. It's a hot commodity, in part because it is still popular, especially amongst teens. Some 400 million snaps sent each day. What do you think this security breach might mean for the company's reputation?

SCHENKER: Well, it - in terms of their business model, it'll probably doesn't mean a lot. You can see on the Web right now, a lot of people are just calling this, you know, inexperience. And they're a young company. They've not yet gone public. And they need to figure out their response. And young people tend to basically shrug these things off. While expressing exasperation, they continue to use Snapchat.

CHAKRABARTI: You know, Marty, what's interesting is that, obviously, in the past several weeks and months, Snapchat isn't the only company that's had a major security breach. Just two days ago, on the first of the year, Skype's Twitter account was hacked into reportedly by the Syrian Electronic Army. And, of course, the retail giant Target victim of a massive cyber attack, where some 40 million customer debit and credit card numbers were stolen over a two-week period after Thanksgiving. How much do these cyber attacks actually cost the companies who were victims of them?

SCHENKER: Well, I don't know that anybody has really computed the number. But what is true, that companies that protect other companies for this are just surging in the stock market. So there's value there.

CHAKRABARTI: Marty Schenker, Bloomberg's executive editor for news. Thank you as always, Marty.

SCHENKER: You're welcome. Thanks.

CHAKRABARTI: You're listening to HERE AND NOW. Transcript provided by NPR, Copyright NPR.

Please follow our community rules when engaging in comment discussion on this site.
Robin and Jeremy

Robin Young and Jeremy Hobson host Here & Now, a live two-hour production of NPR and WBUR Boston.

March 30 38 Comments

Sen. Warren: Not Interested In Reid's Job And Still Not Running For President

Elizabeth Warren insists she has no plans to jump into the 2016 race. She joins us to discuss her current political goals.

March 30 8 Comments

Unveiling The Pain Of Secondary Trauma Victims

Mac McClelland was diagnosed with PTSD after witnessing another woman's horror at being brutally assaulted. She joins us to explain why she didn't believe the diagnosis, at first.

March 27 Comment

Using Poetry To Expose The Power Of Money, Class And Gender

Alissa Quart's first book of poetry is both personal and universal - inspired by work and research she has done as a journalist.

March 27 11 Comments

Yale Is Starting A VHS Archive And It’s Full Of Horror Movies

"Silent Night, Deadly Night," "Stripped to Kill" and "The Last Slumber Party" – all from the 80s – are a few of the titles.