After last month’s Snapchat third-application security breach happened, the service provider decided to start informing their customers whenever a third-party application is trying to enter their accounts. The measurement aims to prevent disclosing personal information and pictures of customers that are being exchanged between users.
The company promises better protection for users after the incident in October this year as of terms with third-party applications, stating that in a blog post from yesterday.
Snapchat’s October Incident
Last month the Snapsaved.com server entered and gathered information from Snapchat user accounts without authorization; the incident was called “Snappening”. The first information was that 13GB of image (some of which naked teenagers!) and video data has leaked to a specific web-server, but then it appeared that the leak was much smaller and contains pictures of mostly dressed users.
“We want to prevent that from happening in our community. Starting today, we will notify Snapchatters when we have detected that they may be using third-party apps and we’ll ask those Snapchatters to change their password and stop using unauthorized apps.”, the company writes in the yesterday’s post.
To counteract on applications compromising their users’ security by evoking illegal actions on their accounts and guarantee the accounts’ safety, Snapchat have decided to issue warn messages to users every time other applications are using the service.
In order for malicious third-party application to function properly, they must log into the user’s account first. Therefore, an alert for such application coming from Snapchat will be accompanied by password change recommendation.
Snapchat is a service for multi-media with limited expiration time, usually the data being deleted after being seen by the recipient. Although there are applications offering a long-lasting service to users, stating that they can reserve the information for user’s later review. One way for this to happen is throughout the Snapchat API (Application Programming Interface), which has been used in developing of the Snapchat platform. Due to security reasons the company’s API is not public, and the company is using it for its own purposes.
In a blog after the October breach Snapchat announced that they still need time for developing, in order to guarantee that the platform is completely secure. “We’ll continue to do our part by improving Snapchat’s security and calling on Apple and Google to take down third-party applications that access our API. You can help us out by avoiding the use of third-party applications. “, the team wrote.