
Earlier this month, a Snapchat security breach allowed 4.6 million usernames and phone numbers to go public, and the company’s response — an acknowledgement/non-apology — was widely ridiculed by the press. Now the company again finds itself on the wrong end of some bad news, as it’s been forced to publish a blog post apologizing for an uptick in spam messages.

I received this image from a friend about five times over the past few days. (Image credit: Valleywag)

The spam on Snapchat is the usual fare for social networking sites: images promoting weight loss websites, or photos letting you know that “SIZE DOES MATTER,” with a link that can help you if you’re feeling, um, inadequate. Snapchat’s apology — complete with the word “apologize” so you know it’s for real — chalks the problem up to privacy settings, stating that accepting Snaps from “Only My Friends” will help with the problem.

Non-friends may not be the only source of spam, though; I received about five spam Snaps from a friend over the past few days, and he’s unsure how his account was compromised. If spam is coming from legitimate Snapchat accounts and not just accounts set up for the purpose of spamming strangers, the issue could be worse than Snapchat realizes.

This post from The New Yorker covers Snapchat security issues and, more specifically, its private, internal API, which apparently isn’t all that safe.

Reverse-engineering Snapchat’s A.P.I. is against the company’s terms of service, but Gibson Security found no effective security measures to prevent it. Their advisory also revealed a handful of security vulnerabilities, noting that, while pictures and videos are encrypted, the decryption key is the same for everyone. (Imagine a bank where every safe-deposit box is locked, but there’s only one key.) This would make it easy for anyone who could obtain the data—or Snapchat itself—to decrypt, view, and possibly replace messages.

Has someone cracked the code to send spam from fake accounts as well as legitimate ones? It sounds like a possibility.

Snapchat’s post also tries to wipe out any connection between the current spam epidemic and the app’s earlier breach, stating that “As far as we know, this is unrelated to the Find Friends issue we experienced over the holidays.”

This is the second security-related issue Snapchat has faced in a very short period of time, and this time around, it appears the company is moving more quickly to respond. Is there more to the story than some spam accounts sending unsolicited messages? We’ll probably find out soon enough.
