Snapchat: This love-it-or-hate-it app, famous for turning down 3 billion of Facebook's dollars and infamous for being the easiest way yet to send risque photos, is in an interesting place. It's theoretically worth a lot, it's on almost everyone's phone, and it has virtually no infrastructure. The company seems to embrace glitches, flaunting its kitschy (or just downright bad) coding as part of the Snapchat experience. If it doesn't last very long, why spend much time on it? Well, I can think of a few good reasons — but I digress.
The problems specific to The Snappening are nuanced, but the greater issue they point to is a big one: Whose problem is it when third-party apps lead to breaches in major networks? Often users are required to enter their usernames and passwords into these applications while dismissively checking off all the user agreements and waivers that grant access to everything and take responsibility for nothing. Today it's your selfies, tomorrow it's your Twitter account, the next day, who knows?
The plot thickened soon after news of the breach, as the (allegedly) culpable third-party app, Snapsave, denied responsibility, claiming that usernames and passwords were not required for its app. Cached screenshots of older versions proved this to be false, which points to a halfhearted attempt at a cover-up. Later, Snapsave admins corrected their earlier denial, admitting that their library was compromised while attempting to downplay the amount of information accessible. This should give us pause as we trust third-party applications to protect our data with the same vigilance as the main apps we're augmenting. The reputation of major social networks is worth a lot more than some piggyback app built by a random guy in his free time, so they go to much greater lengths to protect their users. The Snappening is a frightening reminder of why we must guard our networks and vet all third-party applications and processes.
As hackers continue to prove every day, remote access or a single username are often all it takes to infiltrate an entire network. Since many computer users insist on using one or two passwords for everything, a Snapchat hack might grant password access to other personal information, such as your e-mail or network credentials. It's already been proven that hackers can trace your phone number by trolling Snapchat user databases, and the internet is, by nature, interconnected. We log into social networks with our email addresses, and into apps with account information from our social networks. The risk of third-party plug-ins is real, and the solution is complicated.
Within networks, a comprehensive security solution should offer full third-party vetting, block an application or its features if they do not meet requirements and make users aware of potential problems when they seek to download new, untrusted software. Education is also critical to preventing such basic, potentially catastrophic problems. Requiring complicated, specific passwords inside of sensitive networks is a pain for individual users but a major step toward the greater good. If your network requires ridiculous passwords, users will shy away from repeating them for their Snapchat and Buffer accounts. That way, when The Buffet occurs, you will be protected.
Photo Source: John Montesi (Author)