Ride the Lightning

Snapchat Settles with FTC Over Misrepresentations and Privacy

May 13, 2014

Last week, the New York Times reported on Snapchat's settlement with the Federal Trade Commission (FTC). The FTC charged that the company misrepresented the ephemeral nature of the messages (snaps) and didn't take adequate security measures with respect to the data it collected – which resulted in a data breach earlier this year that leaked information, including usernames, passwords and phone numbers, of up to 4.6 million users.

It was no surprise to me that the images were not ephemeral. Our forensics testing here indicated that we could often recover the images. And if they were opened in another app, that app could preserve them.

The FTC also said that video snaps were stored in unencrypted storage areas outside the app's sandbox and collected iOS users' contact information from their address books without notice or consent. That came as news to me – as I am sure it did to many iOS users.

Snapchat has agreed to put in place a privacy program under which it will be monitored for 20 years by a third party. No fine was announced as part of the settlement.

Glad the data breach finally drew the FTC's attention. Remember, if it sounds too good to be true, it probably is. Your mom was right!

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq