- SCU Home Page
- About SCU
- On Campus
- News & Info
Business Ethics in the News
SNAPCHAT: Hacker Attack or Public Service
Tuesday, Jan. 7, 2014
Snapchat, one of the hottest startups of 2013, is under heavy fire this week over a security breach that compromised the usernames and phone numbers of 4.6 million Snapchat users. “Gibson Security,” a group of unidentified “white hat" hackers that first uncovered the vulnerabilities, warned Snapchat privately in August to no avail, leading Gibson to publish a detailed account of the security flaws on an online website. On New Year’s Eve, a different group of hackers used Gibson’s information to “steal” user information, and then posted the usernames and phone numbers (partially redacted) on its own website to raise awareness on the issue.
Snapchat’s CEO, Evan Spiegel, responded with a cryptic tweet, stating that Snapchat was working with law enforcement, and later called the incident an “attack” and “abuse” of its system. Numerous journalists have criticized Snapchat for ignoring the initial warnings, the lack of apology, and for depicting the “hack” as a malicious attempt, as opposed to the benevolent effort many believe it to be. Nonetheless, Snapchat’s system was “attacked,” and millions of users’ private information was published online. Should the actions of Gibson and the other hacker group be seen as abuses of the system or as a public service to be lauded?
Kirk: I’ve never had much affection for “white hat” activists, especially when they facilitate the misuse of private and confidential information. These groups often due more harm than good, even when their intentions are in the right place. Real “white hat” groups should be able to accomplish their goals without publicly revealing data or methods for exploiting security weaknesses. Snapchat’s inability to respond to these warnings needs to be addressed--they have since created a direct email to receive security related messages--but Gibson Security is not blameless here.
Patrick: I see the upside of “white hats,” when done right they provide a counterbalance to keep corporations and governments honest. The flip side to this is that there is no counterbalance, no accountability, and often no way to prosecute these white hat groups, all of which should make the public hesitant to fully embrace them. My concern is over the publishing of the “recipe” for hacking the system—why wasn’t that also partially redacted? I think they got lucky another supposedly white hat group was the one to capitalize on the loopholes.
Snapchat GibSec Full Disclosure (Gibson Security)
SnapchatDB ("second hacker group")
A Framework for Ethical Thinking (Markkula Center for Applied Ethics)
NEXT STORY: WELLS FARGO INITIATES PROACTIVE ETHICS REVIEW