Due to the overwhelming demand to create new social apps, but the lack of security in protecting the web-enabled databases which hold user information, Snapchat-like hacking of consumer information might become common in 2014, according to USA Today.
Mary Ritti, a spokeswoman for SnapChat, told CyberTruth there will be a statement announcing an update for the app which will allow users to choose whether or not they want to appear in the "Find Friends" function, among other restrictions that will "address future attempts to abuse our service," according to USA Today.
Snapchat collects information about user interests and user connections, USA Today reported. Massive amounts of information can be gathered from smartphone or tablets because of their mobility which is later sold to advertisers.
The growing social app market which will produce similar apps all use the same type of model which consists of a database which works with the Internet to save consumer and work-related information from each user, according to USA Today. This in turn becomes a target for hackers because of the vulnerability of web-based databases.
"There is a high desire to monetize these new apps, combined with low technical sophistication and a significant security challenge. Millions of apps put out for the first time will get things wrong, and expose that information," Kevin O'Brien, director of product marketing at security vendor CloudLock, told USA Today.
As the market grows for similar apps and code-writing tools make app production faster than ever, protecting app databases are becoming more important to prevent hacks like the one Snapchat encountered, USA Today reported. The reason so many holes can be found by hackers and exposed is because a secure database takes a long time and a lot of money to create.
According to Chief Technology Officer at BeyondTrust Marc Maiffret, security issues are a complete separate step in creating an application, USA Today reported.
"We definitely can always look forward to more breaches as the overriding goal of most technology companies is still bringing feature rich and differentiated technology to market as quick as possible and sometimes that means security takes a back seat," Maiffret said, according to USA Today.
One way the Snapchat could have avoided the hack is if the company had contacted Gibson Security, which reached out to Snapchat on Aug. 27, 2012 with their first analysis of the vulnerabilities in their database, instead of releasing a statement on their website with the information Gibson has given them, USA Today reported.
In fact, not only did Snapchat not respond until Gibson made the vulnerabilities public on Christmas day, they posted a blog post on Dec. 27 acknowledging the flaws in their database and added how these flaws could be used against users, baffling the cybersecurity community, according to USA Today.
"They (Snapchat) should have privately reached out to Gibson, said 'thank you' and spelled out how they planned to resolve it," O'Brien told USA Today.
The names and numbers of the 4.6 million Snapchat users who were hacked are most likely going to be used in the "cyber underground" where scammers use the numbers to collect bank information, according to USA Today.
According to Roel Schouwenberg, principal security researcher at Kaspersky Lab, "It's a pretty safe bet to assume at least all of the U.S. phone numbers have been tried and mapped," USA Today reported. "There are a lot of possibilities for the attackers so it's important to be vigilant, especially as the information that's out there can't be easily changed."