“Given that it’s been around four months since our last Snapchat release, we figured we’d do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them),” Gibson wrote on the Gibson Security website.
The Snapchat breach comes just two weeks after Target was hit with a massive data security breach that affected as many as 40 million debit and credit card holders. Gartner security analyst Avivah Litan, said phone numbers are not considered “sensitive” personally identifiable information — such as credit card or social security numbers — so they are collected by all sorts of companies to verify a person’s identity.
A phone number is “not as bad as password or magnetic strip information, but it’s the piece of the puzzle that criminals need to impersonate identities,” she said.
Regarding Snapchat’s response to the warnings, however, Litan added that it “doesn’t seem that responsible to be so nonchalant about it.”
Christopher Soghoian, principal technologist with the American Civil Liberties Union, agreed.
“The main problem was that they ignored a responsible report by security researchers,” he said, adding that his concern is not with the specific database of information that was released, but that Snapchat has “demonstrated a cavalier attitude about privacy and security.”
Many people use Snapchat because it feels more private than other messaging apps and social networks. Users can send each other photos and videos that disappear within a few seconds after they are viewed. While the recipient can take a screenshot of the message, a big draw of Snapchat is its ephemeral nature.
“This probably won’t be the last problem with Snapchat,” Soghoian said. Companies like Microsoft and Google, he added, actively court security researchers and even pay bounties for people to expose flaws in their systems.
“Snapchat may be too small to pay bounties, but they certainly should be treating researchers with respect and addressing issues as soon as they are told about them,” he said.
(AP Photo: The file photo shows Snapchat CEO Evan Spiegel in Los Angeles.)