Security Breach Faced by Snap Chat Case Study
Describe in detail and in your own words all security breach faced by snap chat, mentioned in the case study. Marks: 3
What actions snap chat has taken against these attacks. Marks:
Fundamentals of Information Systems and Security Breach Faced by Snap Chat Case Study
Assignment No. 2
Case Study
Oh Snap! All About The Snap chat Cyber Hack
In early October 2014, the popular mobile messaging and social media app Snapchat suffered a very high-profile leak of approximately 100,000 to 200,000 user images sourced from the database of a Snapchat third-party client, Snap Saved.
Snapchat is a mobile messaging service that promises users the ability to send private messages and media to other users that are immediately deleted from the users’ phones and Snapchat’s database after viewing. The October data breach very publicly challenged the company’s promise of privacy and raised important concerns for the responsibility of both the company as well as the end-users of the application to protect data and provide adequate security.
Security Breach Faced by Snap Chat Case Study Third Party
SnapSaved was one of many “unauthorized” third-party applications that reverse engineered Snapchat’s application programming interface (API) to allow SnapSaved users to physically store images and media sent via Snapchat on SnapSaved’s website and database. In a post on its Facebook page, SnapSaved’s developer elaborated on the hack, stating it resulted from a misconfiguration in its Apache server. This post came in response to rumors and accusations that SnapSaved was purposely created by hackers to access stored Snapchat media and that SnapSaved allowed hackers access to its database. The SnapSaved website now offers users the ability to search whether any of their “snaps” were leaked.
While the leak may be relatively small in a vacuum (Snapchat users send over 350 million “snaps” per day), the company’s response to the breach is noteworthy. In the days following the hack, Snapchat blamed its users’ utilization of third-party apps for the leak, citing to provisions of its Terms Of Use agreement prohibiting use of third-party apps in conjunction with Snapchat.
However, this is not the first time Snapchat, a company that markets “user privacy” as its primary product, has faced cyber security issues. On December 31, 2013, hackers posted 4.6 million Snapchat users’ phone numbers and usernames on a website that has since been taken down. At that time, the hackers stated their motivation was to raise public awareness of Snapchat’s security flaws. Snapchat faced an investigation by the FTC for deceiving customers regarding how the application actually functioned and how much user data Snapchat stored. The FTC complaint also highlighted Snapchat’s security flaws and the precise exploit involved with SnapSaved, voicing concerns over the ease of reverse engineering by third-party app developers. The FTC complaint was filed and settled long before the October leak.
In terms of liability, Snapchat’s response relied upon its Terms of Use agreement with users, but the provision relied upon is buried in the fine print of the TOU with no explanation or warning to users why such third-party applications are prohibited. This raises questions of the enforceability of that provision in a court of law. Snapchat’s also suffered reputational damages from the occurrence. Snapchat’s interaction with its users and third-party clients raises important issues concerning the obligations of content providers for data security – particularly those that promise data security as a cornerstone of its product such as social media networks.
In February 2016, a Snapchat employee fell victim to a phishing scam. Typical company policy asks that employees do not open or click on “phishy” looking emails or links. The phishing email sent to a Snapchat employee that resulted in the company’s data breach was different. The hacker who wrote and developed this email crafted it so perfectly that it looked like it had been personally written and sent by Snapchat’s Co-Founder and Chief Executive Evan Spiegel. The email seemingly typed by the boss requested the payroll data of Snapchat’s employees. The payroll department willingly complied with the request, as the email did not meet any phishing red flags. This is how the hacker was able to gain access to employee information and essentially break into the system. The hacker walked away with the payroll information of present and past Snapchat employees, but the company affirms that the internal data systems were not breached, and user information was not accessed or stolen.
In a blog post published on February 28, Snapchat wrote, “We’re a company that takes privacy and security seriously. So it’s with real remorse—and embarrassment—that one of our employees fell for a phishing scam and revealed some payroll information about our employees. The good news is that our servers were not breached, and our users’ data was totally unaffected by this. The bad news is that a number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry.”
Snapchat’s quick response to the cyberattack and transparency about the phishing scam with the public demonstrates that they are a company who does indeed pride themselves on protecting their customers AND staff. The blog post details how they learned of the breach and their response to it. The company assures their customers that the situation is being taken care of and that there is no need to worry. And it’s true, Snapchat righted the situation and has since continued to climb.
CASE STUDY QUESTIONS:
1. Describe in detail and in your own words all security breach faced by snapchat, mentioned in the case study. Marks: 3
2. What actions snapchat has taken against these attacks. Marks: 1
