Snapchat data breach comes after security agency had warned of attack

Snapchat, the popular social network that features disappearing messages, has been hacked in a security breach affecting 4.6 million users. On New Year’s Day, hackers released the usernames and phone numbers of 4.6 million of its users, less than a week after the company was warned by security experts that there was an exploitable vulnerability in its software.

Snapchat responded to that warning via a blog post that claimed they had implemented “various safeguards” to protect against a security breach, but those measures appear to have fallen short. Gibson Security, the firm that warned Snapchat of the security risk, has launched a website — http://lookup.gibsonsec.org/ — that will tell you if your account is among those compromised. Little can be done, however, to pull your number out of the hands of the hackers.

This was Gibson’s second warning to Snapchat, following one in August that the security firm said was ignored: “Given that it’s been around four months since our last Snapchat release, we figured we’d do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them).”

Snapchat’s is just the latest in a string of security breaches, coming weeks after Target admitted 40 million of their customers had their credit and debit cards compromised.

While your phone number being exposed is not as damaging as a credit card or social security number, it can be used by criminals to piece together your identity.

More alarming in this case, though, is Snapchat’s response — or lack thereof — to the incident. Their non-response to the breach is seen by some as a sign that they take a less than serious approach to their software’s security.

This could prove to be a serious threat to Snapchat’s legitimacy as a social network. While they have never reported user statistics, it is believed that they have about 26 million users, and they are still growing with some momentum. They seem to think their future is bright, having reportedly turned down a $3 billion buyout offer from Facebook last year.

Incidents like this, and more importantly their cavalier response to them, could doom Snapchat to nothing more than a once-promising social media also-ran.

Why Windows Crapware Still Exists

My oldest daughter started high school about five months ago. Anticipating a heavy workload of writing and research, my wife and I did what countless other people do every day: we got her a Windows PC. The purchase decision was made primarily on price, and in this particular laptop we found a good mix of features and value, or so we thought. Last night, after the latest round of hours spent cleaning, pruning, and otherwise tuning up the laptop for my daughter, a regular chore necessary to simply keep the machine in working order, I was ready to throw the computer out the window. And that was before I even got mad about the situation.

The problem with my machine, like all other PCs, is crapware. Crapware is the gateway drug to malware. It is those little pieces of software you neither need nor want that are installed on your PC for you. (Six-month trials, free downloads, alternative search engines, etc.) The manufacturer loads them on your PC before you even buy it, and software vendors keep the cycle going by slipping some more on there for you every time you download a legitimate piece of software that you actually do want. Why would PC makers engage in such an anti-customer practice? Because they make millions of dollars a year from it.

Case in point: just this week, Oracle’s Java software (itself a bloated piece of crap, but that’s another article) had a security issue that required Oracle to release an emergency update. Oracle dutifully rushed out the update and urged users to download it immediately. I hope they didn’t breeze through the process too fast, though, because even this update, an emergency update to patch a major security flaw, contained crapware. Right there on the download dialog, already selected for you, was an offer to install the Ask toolbar, which would then also make Ask your computer’s search engine of choice. When is the last time you did a search on Ask?

The problem is insidious, and it is not going away. PC manufacturers will tell you that our desire for “affordable” computers requires this subsidy. Compounding the problem, the PC business is going the wrong way, making it even more unlikely that they, or the software developers, will give up the cash they get in return for foisting steaming piles of crapware on you. In fact, the relationship is getting even cozier. Silicon Valley is throwing venture capital behind a company that streamlines the process of “software monetization”. That’s the carefully worded name that describes the process of bundling crapware with legitimate downloads. I urge you to read “Y Combinator is funding the future of spam in Windows – drive-by crapware installers” by Long Zheng. It is a thorough and disturbing look at the business of crapware.

Mac users don’t face this issue. Apple does not load any crapware on new Macs, nor do they permit software developers to bundle it with their programs when you download them. You pay more upfront for this freedom (and that is certainly not the only reason Macs cost more), but I now firmly believe that if you take the price of a bargain PC and add in the hours you will spend keeping it in working order, you will actually come out way ahead by buying a Mac. And that says nothing of the user experience, which is superior in every way. I’m a convert to Apple who will never go back to a PC. If you are tired of all the crap, you should think about doing the same. You’ll save money, and time, in the long run.

It’s time to get over the notion of online privacy.

You may have noticed some of your Facebook friends posting privacy disclaimers to their timelines over the last few days. In a nutshell, the notice boldly proclaims that the user themselves retains copyright of their pictures or other media and that no one else has permission to use them. The disclaimer, which is a hoax by the way, is thought to have originated during the weeks before Facebook went public. It was in response to allegations that Facebook had changed their privacy terms to your disadvantage. (They had not.) Though it sounds nice, the disclaimer actually offers you no legal protection – you can’t change the Facebook terms of service you agreed to when you signed up. You either live with them or you don’t use Facebook. The question really is, how well do you understand your online privacy rights?

They come down to this: if you want to use the social web, you should get over your expectation of privacy. Don’t worry, you still have ways to control who sees what you post, if you want to, and you should always use good judgement when deciding what to share, but along with that is an inherent lack of privacy in posting anything online. Social networks like Facebook make their money selling ads. And the more targeted they can make those ads, the more they can charge for them. They use your data for this, trying to guess your interests based on what you post and then serving you related ads. You can’t stop them or opt out of receiving the ads. You agreed to this when you opened your account.

But remember, it’s your data they want, not your baby pictures. This discussion of who owns your media is misguided. You own your pictures. In the case of Facebook, this is not even a question. You retain ownership while giving them the right to use your picture if they want to, for free. That’s the non-negotiable price of admission to use their service. So your best bet, then, if you don’t want to close your accounts, is to continue to enjoy using your social networks, as long as you review the privacy settings of your accounts regularly, stop worrying about who owns your pictures, and make peace with the notion that your data is being mined for clues about what you may want to buy soon.