SEATTLE - The cybersecurity community this morning continues to buzz with discussions about how Australian research firm Gibson Security tried for months to get Snapchat to address gaping security flaws in its customer database.
Michael B. Williams, CEO of computer services firm Glexia, is one of several concerned technologists complaining that Snapchat executives have been unresponsive to offers to help them lock down the popular social media service, aimed at adolescents. A hacktivist on Tuesday stole and posted the names and phone numbers of 4.6 million Snapchat users.
"Snapchat has refused any attempts for any help from any security researchers," says Williams. "Even today, these vulnerabilities still remain. SnapChat is too busy tweeting out pictures of the Stanford game and amusing themselves to take security and those researchers dedicated to it seriously."
Snapchat spokeswoman Mary Ritti late Thursday issued a statement, via a blog post, outlining coming security upgrades and offering this olive branch: "We want to make sure that security experts can get ahold of us when they discover new ways to abuse our service so that we can respond quickly to address those concerns," Ritti said. "The best way to let us know about security vulnerabilities is by emailing us: email@example.com."
Kasper Lindgaard, head of research at vulnerability management firm Secunia, scolds Snapchat for failing to act as a responsible corporate citizen.
"Patching vulnerabilities happens to almost all vendors," observes Lindgaard. "My biggest concern and surprise is SnapChat's way of handling this. Unfortunately, their behavior is not unusual in less security mature companies, and we can only hope that they will learn from this hard-earned lesson, and improve."
(Copyright © 2014 USA TODAY)