Lessons learned from the late December Snapchat breach
January 20, 2014

Communication technology has had a profound impact on the public and private sectors in the past decade, especially with cloud computing, social media, messaging services and other channels becoming more popular and diverse with the passing of each year. Businesses on the whole have left a lot to be desired when it comes to security, authentication and access management, while many experts continue to call for more aggressive and proactive protection against breaches. 

In one of the more high-profile cases in recent memory, the highly popular advanced messaging service Snapchat experienced a major breach that led to the exposure of roughly 4.6 million usernames and the associated phone numbers attached to the accounts. Although the National Security Agency and Edward Snowden scandal was likely the biggest news of 2013, Snapchat certainly made a negative statement right at the end of the year. 

Snapchat is one of the fastest growing messaging services in the market today, and while the exact number of users is unknown, as many as 400 million messages are sent and received daily through the application. All of these messages travel through mobile devices, and the company has already been valued in the billions after Facebook offered to purchase it last fall. 

What happened?
The Snapchat breach was caused by a relatively common set of events, as experts now believe that there was a vulnerability which was not patched in a timely fashion, leading to hackers acquiring the access information of millions of users. According to The New York Times, a group of security researchers dug into the major security failure, and found that there was a distinct weakness in the messaging services' systems that directly led to the capture and subsequent posting of what should have been protected, private information. 

The source explained that Snapchat allegedly knew about the vulnerability and did not act on it, as another security group discovered the problem before the attack occurred. While the company is now on its heels working to regain the trust of its users, new issues are already beginning to sprout up, going against the official statements given directly following the breach. 

"We don't display the phone numbers to other users and we don't support the ability to look up phone numbers based on someone's username," officials from the company explained, according to The New York Times. "Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way."

Repercussions now rolling
TechCrunch recently reported that Snapchat's CEO Evan Spiegel has finally given a public apology for the breach, while the announcement was somewhat delayed. What's more, the real issue seems to be a growing amount of spam messages that users are experiencing, causing even broader and more difficult challenges for the young technology firm. 

"We've heard some complaints over the weekend about an increase in Snap Spam on our service. We want to apologize for any unwanted Snaps and let you know our team is working on resolving the issue," Spiegel stated, according to TechCrunch. 

Regardless of what happens with this issue, businesses need to ensure that their employees are not bringing in security threats through their mobile devices, messaging services and applications. 

To overcome privacy issues, companies must combine employee awareness training with strong network and forms authentication solutions. Identity management begins and ends with the power of credential and password management, especially in the modern workplace where diverse applications and devices have become common.