Snapchat is a photo messaging application developed by Stanford University students. Using the app, users can take photos, record videos, add text and drawings, and send them to a controlled list of recipients. These sent photographs and videos are known as "Snaps".
Now the site where your teens are spending a lot of time has admitted to a hack on New Year’s Eve where the information for 4.6 million of its users hit the internet. On New Year’s Eve SnapchatDB! posted partially-obscured phone numbers and usernames of many of its members.
The response from the Snapchat team about the security hole was alarming. They admitted to knowing about the security flaw in its program that left it exposed to the breach for months, but failed to provide a fix. Now, more than a week after the hack, Snapchat has finally updated its app to allow users to opt out of the “Find Friends” feature, effectively disconnecting phone numbers from usernames for those who want more safety.
They released an update for Android and iOS that improves Find Friends functionality and allows Snapchatters to opt-out of linking their phone number with their username. “This option is available in Settings > Mobile #. This update also requires new Snapchatters to verify their phone number before using the Find Friends.
The breach occurred after security experts warned the company at least twice about a vulnerability in its system.
Before announcing its plans to update the app, Snapchat stayed silent. Its detached response caused some security experts to wonder whether this young company can handle the spotlight that it's been thrust into over the last year as it has become so largely popular.
What should users do? Gibson Security, the firm that warned Snapchat of the security vulnerability has created a site, — http://lookup.gibsonsec.org/ — that lets users type in their username to see if their phone number was among those leaked. Of two user accounts that The Associated Press checked, one was found to have been compromised. Gibson Security did not publish the last two digits of the phone numbers.
According to Gibson, users can delete their Snapchat account but "this won't remove your phone number from the already circulating leaked database." Users would then have to ask their phone company to give them a new phone number. Users should ensure that their security settings are updated and correct on their social media profiles. It’s wise to think about what data you give away to sites when you sign up. Never give your phone number if a site doesn’t ask for it. This was Gibson's second warning to Snapchat, following one in August that the security firm said was ignored.
The Snapchat breach comes just two weeks after Target was hit with a massive data security breach that affected as many as 40 million debit and credit card holders.
Security researchers supply these companies with responsible reports and most of the reports are ignored.
Many people use Snapchat because it feels more private than other messaging apps and social networks. Users can send each other photos and videos that disappear within a few seconds after they are viewed. But don’t be fooled --- recent news shows that the Snapchat can be easily hacked and that “deleted” photos are actually recoverable. This should worry both Snapchat users and parents of smartphone-savvy teens as sensitive photos and personal information can be hacked and used for exploitation and blackmail. Instead of using unsafe applications, users with sensitive photos and personal information should exclusively upload to a secure cloud that offers user privacy.
Experts say this won’t be the last problem with Snapchat, Companies like Microsoft and Google actively court security researchers and even pay bounties for people to expose flaws in their systems.
It’s a step in the right direction for improved security but it’s also time to talk with your teens about online privacy. Helping your teen identify why and where appropriate information boundaries should be set, and helping them to set these boundaries early, is strategic to helping them navigate an online world where settings and actions can quickly become very public.
When your teen masters these concepts and skills early, they are far less likely to have their information come back to haunt them, and appropriately cautious about sharing information when someone or some company asks for it.
Twitter me at http://twitter.com/ProtectChildren
Twitter me at https://twiter.com/STOMPOutBullyng
Ross Ellis is also the Examiner for: