Column | Feb. 17

Outside the Bubble: Hacked!

Shortly after New Year’s celebrations ended and the confetti in Times Square settled, something insidious slithered into the news: On the night of Dec. 31, a hacker posted 4.6 million Snapchat usernames and telephone numbers. The information was posted on a website called SnapchatDB.info by a hacker going by the alias “Lightcontact.” The site is now disabled, and programmers have created tools such as Snapcheck and GS Lookup that enable people to check if their information has been leaked.

The consequences were not too severe and only telephone numbers and usernames were leaked. But what’s more unsettling than the security breach is the fact that it could have been prevented. In August, a computer security research firm, Gibson Security, which is a non-partisan group, warned Snapchat that sensitive information was vulnerable to a hack attack. When its warning was largely ignored by the mass Snapchatters and Snapchat headquarters, Gibson Security published another warning, this time in the form of a blog post. Ignored yet again, just days before the leak, an interview was released in which the firm spoke about Snapchat’s vulnerabilities again. Fortunately, only usernames and telephone numbers were revealed, and not vital information. When Target was hacked during the Black Friday period, 40 million credit and debit cards’ data were stolen and used to purchase goods in the stores.

An app as widely used as Snapchat is very likely to be targeted by hackers who hone in on websites and apps with large user followings to obtain large sets of data. A fast-growing app with such a large following should have taken more steps to protect its users’ security. When a company, more focused on marketing and spreading the app to more customers, skimps on investment for data security, it may pay back even more for the negative press and reactions it will get after a successful hacking. Customers who use the app may be dissatisfied and close their accounts, resulting in lost revenue for the company.

Many of my friends are on Snapchat. When the leak was exposed, my friends discussed the options of deleting their accounts or keeping them. One friend, who didn’t delete hers, said “I’m questioning it, but I think I’ll keep it for now and just keep an eye out for updates. If it doesn’t seem like Snapchat is going to anything security wise, I’ll reconsider getting rid of it.” One friend deleted her account, noting that she “didn’t want to take the risk, frankly,” and she also has Facebook, email and text messaging, which she can use to send pictures instead of Snapchat.

The hacking of Snapchat, which affects so many of us, is perhaps a sign of something more sinister in our society. When Snapchat was hacked, it was a cause for concern because so many of my friends and peers had shared personal data with the app. In the age of information, where personal data are stored by these websites and apps, our data are vulnerable to hackers when we share our data with developers who don’t invest enough in security. We as consumers have a responsibility to be proactive about with whom we share our information. When information is so easily obtained through digital means, we also share in the responsibility of protecting our information.

The Snapchat leak is something of a minor scale incident because relatively harmless information was revealed, but it could easily be a harbinger of more evil things to come. A “good hacker,” one that probes websites for weaknesses in their security systems, reported in early December 2013 that there was no security at all built in the entire website Healthcare.gov, the information hub of Obamacare until several weeks later. The Obamacare Data Hub, the part of the website that collects information from people who purchase Obamacare, was vulnerable to hacking by criminals and foreigners. Very sensitive information is stored in this site, including names, social security numbers, credit card data and tax information. When credit card information is exposed, people are highly vulnerable to identity theft.

There seems to be a trend. Website developers focus on production and marketing of the website, with data security being an afterthought. But the consequences for neglecting to protect data are much harder to recover from than the effort it takes to prevent hacking before it happens.

Katherine Zhao is a freshman from East Brunswick, N.J. She can be reached at kz2@princeton.edu.

comments powered by Disqus