The FTC has approved final charges against Snapchat after the company's lax security policies were exposed, placing user data at risk.
In an advisory posted 31 Dec, the Federal Trade Commission (FTC) revealed final charges set against the messaging app company. The Snapchat app billed itself as a way of sending messages -- 'snaps' -- which would self-destruct within a set timeframe after being viewed by the recipient.
However, we discovered last year that this isn't exactly the case -- as a third-party app could be used to view the Snapchat directory and recover messages which were meant to have vanished.
Naturally, users were not best pleased at the idea their personal messages, which were not meant to exist, could be extracted and stored. It seems the FTC wasn't happy either, as it could be argued that users were misled over the protection of their data when using the Snapchat app.
The FTC says that Snapchat "deceived consumers with promises about the disappearing nature of messages sent through the service," and "Snapchat also deceived consumers over the amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure."
In other words, Snapchat wasn't clear about your entire contact list being accessed and lifted from your mobile device.
The company is also banned from "misrepresenting" itself in how user security, privacy and confidentiality are maintained.
In November, Snapchat also issued an outright ban on third-party apps linking to the Snapchat platform, and promised to start freezing the accounts of users who refused to comply with the new rules. Snapchat was forced to take action following a mass hack dubbed the "Snappening," which saw a database containing over 100,000 images and videos sent across Snapchat leaked online for the titillation of the masses.
Snapchat was also made to apologize after 4.6 million Snapchat usernames and matched phone numbers were leaked at the start of 2014.
There are no fines on the horizon, but this case should remind companies that user privacy in a post-Snowden era is a top concern and security should not be ignored.