Looking for a technology story to follow in these first days of 2014?

The suggestion here is the Snapchat data breach, specifically what comes of it. The leak of 4.6 million usernames and phone numbers occurred on New Year’s Eve, and it should motivate all social media consumers to re-examine the value they place on their privacy. (Pay attention, parents.)

For those unfamiliar with Snapchat, it is a photo- and video-sharing service that claims to destroy shared content within 10 seconds of the recipient opening the message. The popular Android and iOS application has more than eight million users, according to Nielsen, but is also known as a tool that teenagers use to post sexually explicit material.

In the final days of 2013, the story became disturbing from a security standpoint. Snapchat seemingly ignored months-old alerts from security researchers. The claim: A pair of exploits could enable hackers to access usernames, real names and phone numbers. One of the exploits was for the “Find Friends” functionality.

“Find Friends is an optional service that asks Snapchatters to enter their phone number so that their friends can find their username. This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username,” a January 2 statement on Snapchat’s blog reads.

Hackers, according to reports, could potentially do much more: use personal data for stalking purposes, or profit by selling spammers the information.

The security researchers, unsatisfied with Snapchat’s lack of response to the warning, published code for the private API and the exploits on Christmas Eve. Wouldn’t you know it? Hackers struck in the last hours of the year. With the goal of pressuring Snapchat to strengthen security, they posted to a website millions of usernames and partial (redacted) phone numbers that visitors could download as a SQL dump or CSV file.

The site clearly states:

“You are downloading 4.6 million users’ phone number information, along with their usernames. People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”

There’s an aspect of vigilante justice in this story, right? And it creates quite an ethical debate: While the 2-year-old social service should have done more to protect the privacy of its users, were hackers right to force the issue by making public the personal information of Snapchatters?

It’s no wonder 6 in 10 respondents to a recent GFI Software™ survey said, if possible, they would wipe the Internet clean of any information about them. There’s a risk to businesses as well. Among survey respondents with company-owned mobile devices, nearly all said they use the technology for activities unrelated to work.

Snapchat stated on its blog that hackers violated terms of use. The hackers, as you’d imagine, felt they were justified.

“It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does,” the hackers told tech blog TechCrunch. (The full statement can be read here.)

Since the leak, multiple tools have been created for Snapchat users to determine if their accounts were exposed. “GS Lookup – Snapchat” was among the first available, according to Mashable, which details in this article how the tool works.

However – and whenever – this story ends, there’s a clear moral to it: Beware of the information you authorize any app to access. Even for social media services with the best intentions, it’s an ongoing struggle to protect users’ privacy.

The Snapchat saga serves as a powerful example.
