Last week I said that it was a shame that the firm had not said sorry, after it was caught with its pants down – allowing hackers to extract a database of millions of users’ ids and phone numbers.
In fact, Snapchat was having trouser trouble ever since August (when it was first informed of the security weakness in its API), and then did nothing until Christmas when it dismissed the flaw as “theoretical”.
Now, however, the firm says it has released a new version of its iOS and Android app that allows users to opt-out of linking their phone number with their username.
Hmm. That’s not perfect, of course. The vast majority of people will probably never realise the option exists. If Snapchat really had its users’ privacy as a priority then maybe they could have made this new version of their app ask users to *opt-in* if they wanted their phone number to be linked in a fashion which a third-party might be able to extract.
But at least, finally, we got a “sorry” from Snapchat.
Maybe the company will have learnt from the experience and will take security and privacy more seriously in future. In addition, maybe they’ll get some decent PR advice next time they have a corporate crisis like this one.
By the way, I don’t want to suggest that Snapchat are the only ones at fault in this sorry story. Whoever released that database of 4.6 million Snapchat users and their partially redacted phone numbers also unnecessarily put innocent people’s privacy at risk.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.