back to article Snapchat vows to shut its hole in wake of 4.6 million user data breach

Mobile image-sharer Snapchat has promised an update to its service to seal off a security hole that allowed hackers to harvest the account details of some 4.6 million users. The company said that its update will allow users to opt out of the Find Friends system and prevent others from looking up their account information …

COMMENTS

This topic is closed for new posts.
  1. bazza Silver badge

    Horse bolted...

    ...and stable door now propped shut with thin, dry stick?

    1. Will Godfrey Silver badge
      Happy

      Re: Horse bolted...

      Well put. Have an upvote.

    2. LarsG

      Re: Horse bolted...

      Apology?

      When hell freezes over.

      The customer is just a commodity to be used.

      1. ecofeco Silver badge

        Re: Horse bolted...

        "The customer is just a commodity to be used."

        What commodity is actually forced to pay for the privilege of BOHICA?

        (and don't say we have choices, because we really don't. Sturgeons Law and all that, and no, I'm not talking about Snapchat and competitors specifically)

    3. Anonymous Coward
      Anonymous Coward

      Famous last words

      "I believe at the time we thought we had done enough," he said, "but in a business like this that is moving so quickly, if you spend your time looking backwards, you're just going to kill yourself."

      Reads like an epitaph.

  2. Charles Manning

    Duh.

    USA population, particular the oooh-look-at-me trendies, is largely coastal.

    1. DF118

      I initially came to the same conclusion, but then realised you can't make that judgement based on what is basically just a subset of data.

  3. Anonymous Coward
    Anonymous Coward

    Find Everyone Else's Friends

    Hacked.

  4. Amazon Wageslave
    Paris Hilton

    What I don't get...

    The whole point of Snapchat is to send nude pics, yes? There's really no other use case. So why in God's name did it need a look-up function? If you're not sure about a person's phone number or email, you probably shouldn't be sending them dick/tit pics. Even if the pic has a self-destruct function of dubious functionality.

    1. Phil Endecott

      Re: What I don't get...

      > The whole point of Snapchat is to send nude pics, yes?

      Perhaps not. The only time I've seen SnapChat used "in the wild" was a young woman in a cafe who said to her friends, when her salad arrived, "Oh that looks delicious, I'm going to SnapChat it.".

      I suspect that within some demographic it is used as a WhatsApp / BBM / Twitter replacement, with any "pr0n" associations now forgotten by its users.

      1. Eguro

        Re: What I don't get...

        Sure there's a group that primarily uses it to push boundaries of social conduct.

        For others it is more used as a way of easily and quickly make mostly non-committal communications.

        It's like talking to someone; It's a social action, but mostly it's small less meaningful things being said. Something you might not think much about. Snapchat offers a similar thing, but with pictures. If you could save the images you'd have to put more care in to them, because they'd be around to reflect upon your character. But because they're quickly deleted (and somewhat forgotten - like a conversation), they can serve a more lax function.

        "Hey - thinking about you" - "Hey, I just had this donut, and rememberd our conversation" - "Look at this dog, it's hilarious".

        It might even serve as a conversation starter next time you meet up. "What the hell was with that dog? Why was is stuck in honey?"

    2. Anonymous Coward
      Anonymous Coward

      Re: What I don't get...

      Apparently it's popular with the kids who don't like Facebook because their parents use it. I've heard stories of kids using it instead of SMS, sending 30 - 40 messages a day... weird, I know.

    3. Anonymous Coward
      Anonymous Coward

      Re: What I don't get...

      No, not just nudes. How about sending funny pictures to your friends?

      Snapchat accounts are linked to your phone number yes. But what about people who use Snapchat on devices which don't have a phone number (i.e. tablets)?

    4. Alan Denman

      Re: What I don't get...

      and that might contain bollo*ks.

      Fools do not realise it is a very simple process to copy all Snapchat pics.

      So your might well be sending those testy pics to the whole world.

  5. Gordon 10 Silver badge

    To paraphrase the CEO

    If you spend your time protecting your users you're only going to kill yourself.

    What an utter w*nker.

    1. Anonymous Coward
      Anonymous Coward

      Re: To paraphrase the CEO

      Or... "Every dollar we spend on IT is a dollar lost from my bonus". W*nker indeed.

  6. volsano

    "I believe at the time we thought we had done enough"

    As the ancient IT maxim says: you don't get what you expect; you get what you inspect.

    Their shoulder-shrugging approach to being caught out in a major security flaw is not a good pointer for the future.

  7. Piro

    Most pointless leak and breach ever

    They knew exactly what the problem was before it was abused, publicly.

    Someone abused it.

    Then they fix the problem they already knew about.

    What the hell is this crap? It's like leaving your door open, telling people you left your door open, then being surprised when someone nicks your TV.

    1. John H Woods Silver badge

      Re: Most pointless leak and breach ever

      Piro: "It's like leaving your door open, telling people you left your door open, then being surprised when someone nicks your TV."

      ... not so much your TV, but all your clients' property that you were storing for them.

    2. Turtle

      @Piro: Calling All Google Apologists!

      "What the hell is this crap? It's like leaving your door open, telling people you left your door open, then being surprised when someone nicks your TV."

      If you recall "The Case Of The Google Wi-Fi-Slurping Street View Cars" and some of the comments on it, you will know that there are people here who will tell you that if the door is left open, then it's perfectly alright to take that telly.

      So your analogy may or may not hold.

  8. sysconfig

    Am I the only one thinking that it should be a criminal offence if ALL of the following is true:

    - your company gets a hint by security researchers

    - you don't give a fuck about it for months

    - asked about it (when disclosed) you play it down

    - you got caught out anyway with exactly that flaw, only days later, leaking personal data of millions

    Plus some extra years behind bars if you live in denial and still treat it like no big deal.

    1. Destroy All Monsters Silver badge
      Trollface

      Some would say it's due to copyright being relentlessly weakened by evil big business, then call for additional protection of the "creative types" instead.

      Problem solved. Or not?

    2. Yet Another Anonymous coward Silver badge

      re: it is a criminal offence

      We have lots of laws to prosecute the security researcher and the users

    3. DropBear
      Unhappy

      ...that would seem to go against current industry practices, as embodied in the well-known "...even if advised of the possibility of such damage..." presently slapped on absolutely anything that has more than three bits in it. Sorry, IT in general decided they can't be bothered.

  9. wolfetone Silver badge

    Somewhere in California

    Mark Zuckerberg has just breathed a sigh of relief, exclaiming "Thank f**k we didn't buy that".

    1. Anonymous Coward
      Anonymous Coward

      Re: Somewhere in California

      You know, if it was rolled into the Facebook organisation properly they'd probably have gotten rid of this, maybe replaced it with an FB search or tie your suggested snapchatees together on the Social Graph.

      So, for possibly the one time in Human history, Facebook could have helped secure private information- albeit accidentally.

  10. Steven Raith

    Data retention...

    I'll put £5 on them not actually deleting the pics after the 15sec timescale - I'm sure data retention laws for criminal offences require them to keep them for a certain period.

    So what happens when someone cracks their system wide open, which on this evidence of ignorance of security problems, it is a when, not an if, and they find that a large chunk of the pics are from under 18s sending nudeys - AKA distribution and creation of child porn.

    That'll be an interesting day.

    Steven R

    1. Anonymous Coward
      Anonymous Coward

      Re: Data retention...

      Ah, but the rich don't go to Jail. They just...

      ...oh, wait. They didn't take the Facebook offer, did they? Yeah, he's screwed.

    2. Crazy Operations Guy

      Re: Data retention...

      "pics are from under 18s sending nudeys"

      Something tells me that that is likely the reason they didn't take the $4 Billion dollars; someone was afraid their endless stream of porn would be found and they'd get thrown in prison.

  11. g e

    How inept/lazy/both are they?

    Like it's something on the level of integrating quantum gravity into the system to just remember the last time an IP made a request and then deny it again within a certain timeframe.... AS YOU CREATE THE INITIAL CODE.

    It's a fifteen minute job. I wonder if they even hashed & salted passwords if they're this hopeless.

    1. Steven Raith

      Re: How inept/lazy/both are they?

      They probably think salt and hashes are something you have with a mixed grill breakfast.

      Steven R

    2. DropBear

      Re: How inept/lazy/both are they?

      Oh, I wouldn't be surprised to find out that's exactly what they implemented NOW as the "fix"...

  12. Anonymous Coward
    Anonymous Coward

    Picture their sad faces.

    I'm sure there was an apology, in an image, is it not there now?

  13. asdf

    just another wanker millennial taking advantage of the same

    More proof why having a CEO in their 20s is a bad idea (Even the FB ship didn't right itself after the IPO screwup until Zuck got very close to 30 and Google knew from the start not to go IPO without an adult in charge). Especially one too dumb to not take a massive overvaluation when he could. Somewhere even Jerry Yang is saying wow that guy was too dumb to take the money?

    1. Jamie Jones Silver badge
      FAIL

      Re: just another wanker millennial taking advantage of the same

      I was thinking the same.

      Initially, I thought he was a bit of a nob with a big ego for turning down the *huge* Facebook offer, but gave him the benefit of the doubt - assuming there was some real reason he couldn't accept the offer due to circumstances we don't know about.

      But now, added with this - and his response - and the revelation that they nicked someone else's idea anyway.....

      1. Anonymous Coward
        Anonymous Coward

        Re: just another wanker millennial taking advantage of the same

        What is it with the millennial/baby-boomer shit on El Reg of late? There is no age/generation that precludes being a total dickhead.

        1. Anonymous Coward
          Anonymous Coward

          Re: just another wanker millennial taking advantage of the same

          "There is no age/generation that precludes being a total dickhead."

          Indeed, dickheadedness hits Homo Sapiens specimen at any age*. But statistically, this trait is at its peak, and en masse, around THAT particular age. Most speciman grow out of it, others... into it*.

          * disclaimer: politicians seldom reach that stage.

  14. nuked

    The guy is a class A idiot, and that's all I've got to say.

  15. chrisp1141

    Worry more about google

    I'm sure they'll fix the problem, but what about when Google or Facebook gets hacked? Just think about all of the personal information they collect about you. This isn't limited to information you give them. They track your browsing history and have information about every website you visit. When that information gets hacked and distributed to your friends, family, and colleagues, then you will be ruined. This is why I'm a strong advocate for using privacy-based sites such as DuckDuckGo, Ravetree, HushMail, SnapChat, etc.

    1. Gordon 10 Silver badge
      Pirate

      Re: Worry more about google

      There is a major difference between snapchat and google/Facebook in that they employ savvy managers and employees with top tier tech skills. It's a fair bet that they have some of the best penetration testers in the business. I wouldn't expect to see any major hacks against them at this point in time. Facebook especially seem to have matured in their outlook in the last couple of years.

      1. Destroy All Monsters Silver badge
        Holmes

        Re: Worry more about google

        But it never hurts to use more privacy-conscious websites anyway.

    2. Anonymous Coward
      Anonymous Coward

      Re: Worry more about google

      @Chrisp1141 - an interesting point, only weakened by the curious presence of snapchat in your list of "privacy-based sites".

      1. FrankAlphaXII

        Re: Worry more about google

        @AC 00:36

        Perhaps he didn't RTFA?

  16. ecofeco Silver badge

    So how is that cloud thing working out?

    There's an old saying: "The only thing worse than being wrong is being right, first."

    Now as I was saying about the "cloud"....

  17. jacobbe

    Data Security still not taken seriously

    These data breaches are now pretty routine, but do you hear about any prosecutions for running insecure systems?

    Perhaps if the law enforcers took data security seriously then the IT companies would too!

  18. Tree

    Phone numbers?

    A phone number is not protected information. There are telephone books published freely although you may request an unlisted number. It's not your social or even date of birth. If a bad guy gets your number they can only call you, not steal money or anything.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021