Earlier today when Snapchat issued a statement about the “Snappening” — when hundreds of thousands of stolen Snapchat photos hit Internet forum 4chan last night — it pushed blame onto consumers for using unauthorized third-party apps.
The worst part is Snapchat was right. Rumor has it that certain Snapchatters had been using external apps, potentially Snapsave or SnapSaved, to save their snaps (which are supposed to disappear) — and that the servers of at least one of those apps were hacked.
Snapchat more or less washed its hands of the situation by saying its servers were never hacked. Instead it passed the blame onto consumers for using “illegal” third-party apps.
“They shouldn’t have used an unofficial app that was attempting to bypass the intention of [Snapchat]. It’s like using a jailbroken phone,” said Phil Neray, VP of enterprise security strategy at app security firm Veracode.
Neray said Snapchat has already stepped up its security measures by adding encryption after vulnerabilities were made public by Gibson Security earlier this year. In fact, that’s why these third-party apps no longer work. In its statement, Snapchat said it continuously monitors the App Store and Google Play for apps like these and reports them. What’s more, Snapchat can’t prevent users from downloading third-party apps. From a security standpoint, you can’t really blame Snapchat, he said.
After all, this is the user’s content. Shouldn’t they shoulder some responsibility for keeping it safe? Sure. But users rarely exercise enough caution when downloading and using new apps.
Herein lies the rub. People aren’t educated when it comes to security. Who’s responsible for that?
While Snapchat couldn’t have prevented the photos from appearing on 4chan, it could be doing more to educate its roughly 100 million users, the majority of whom are under 25, about basic security measures and why they’re important. And not just Snapchat, but all providers of mobile and web applications.
“Cybercriminals are constantly scanning the Internet looking for holes in web applications,” said Neray.
A recent report by IDG says that 63 percent of web and mobile apps are not assessed for security vulnerabilities such as SQL injection, in which attackers use username and password inputs to gain access to servers and databases. Consumers need to be aware of these threats, so they can be better informed about how they communicate and share information digitally.
Tech companies typically don’t want to draw attention to the risks of operating in a digital space, and they certainly don’t want to make security difficult for their users. So the demand for more education and better security ultimately has to come from those users.
If nothing else, the “Snappening” — like the “Fappening” (the leak of celebrity iCloud photos, also on 4chan) before it — serves to teach users that security matters and they need to be more cautious with their personal information. Too bad they have to learn it the hard way.