Two weeks after Target’s infamous data breach, Snapchat, a unique and emerging photo messaging application, experienced a data breach. Reports indicate that hackers gained access to Snapchat’s “Find Friends” feature and, from there, were able to acquire the usernames and phone numbers of some 4.6 million users. The compromised information was then posted on a website called “snapchatdb.info,” which has since been shut down.
Snapchat has gained tremendous growth and popularity, especially with younger people, since it opened its doors in September 2011. The draw is the secrecy associated with sending messages. Specifically, shortly after the recipient of a Snapchat message reads the message, the message is automatically deleted from the recipient’s device.
Although Snapchat is gaining popularity (it even had an offer from Facebook to purchase the company for $3 billion last year), a data breach like the one Snapchat experienced this past week can certainly bruise the company’s image and stunt its growth. Snapchat’s cavalier attitude toward the breach makes that scenario even more probable.
Gibson Security, an Australian-based security company, alerted Snapchat twice of its vulnerability to a breach prior to the data breach – once in August 2013 and again on December 25, 2013, a mere week before the breach. Many analysts believe Snapchat ignored the explicit warnings.
It is true that phone numbers are not generally considered personally identifiable information requiring notification of the breach, but, regardless of the notification requirement, when any company experiences a data breach, its reputation and popularity suffer. That is why it is important to be proactive, not reactive, when it comes to data breaches.