Snapchat cofounders Evan Spiegel, left, and Bobby Murphy
As long as Evan Spiegel maintains control of Snapchat, you can be 100% sure his company will be repeatedly hacked. How can I be so sure? For two simple reasons. First, Spiegel has made too many people angry in his scramble for power and money. Second, Snapchat is a treasure trove of personal information. Of course, some may say that Spiegel’s arrogant style is normal in the business world. This is just the way business works. Maybe. But you really don’t want to make enemies of people who have the power to make you and your company look bad. That’s just good business sense.
Here, briefly, are some key moves the world’s youngest billionaire made in establishing his seedy reputation. First of all, there’s the friend, Reggie Brown, who some claim was cheated out of his share in the company. Then there was the release of some of Spiegel’s emails from his undergrad days at Stanford. As Valleywag summed up, “Emails obtained by Valleywag show a slightly younger Spiegel shifting seamlessly from entrepreneur to a guy trying very hard to get girls so drunk, they might have sex with his friends. Who needs Y Combinator when you’ve got a stripper pole, your dad’s swanky house in L.A., and some cocaine?” Yes, Evan does not come across well in these emails, and that’s an understatement. And if you want to excuse this as normal undergrad posturing, keep in mind that Spiegel is still only 25 years old. Can we really think his females-as-sex-objects rant has changed so much in a few years? As someone who knows him wrote, “And try as I might, I’ve had a hard time liking him.”
Then there’s his relationship with Facebook’s, Mark Zuckerberg. According to some sources, when Zuckerberg wrote to arrange a meeting with him, Spiegel bragged about making Zuckerberg come to him for a meeting. He eventually turned down a $3+ billion deal with Zuckerberg, clearly figuring he could profit more on his own. In the end, Zuckerberg went with Instagram, which some may argue was a better move, at least according to the following chart.
At the beginning of 2013, Snapchat was riding high. In April of that year, Spiegel became famous for saying, “I am a young, white, educated male. I got really, really lucky. And life isn’t fair. So if life isn’t fair — it’s not about working harder, it’s about working the system.” But that was before his luck ran out. In August, Gibson Security informed Snapchat that it had found vulnerabilities in the Snapchat code and detailed it here. Snapchat ignored the threat. Four months later, the information of 4.6 million users was compromised.
Then, early in 2014, a 16-year-old hacked Snapchat using a variation of the Gibson Security exploit to get in touch with co-founder Bobby Murphy. He claimed that Snapchat was a relatively easy target, even after they tried to upgrade their security. Later in the year, about 100,000 photos, and videos associated with Snapchat user accounts were stolen using a third party app. The truth is that a large variety of Snapchat hacks abound on the internet, though, admittedly, some are fake. Nonetheless, if you type “how to hack snapchat” (in quotes) into the Google search engine, you will receive 82,000 results, which, if nothing else, at least shows there’s a lot of interest in such hacks.
It was also in 2014 that the Sony hack exposed emails by Sony Entertainment CEO and Snapchat board member, Michael Lynton. These emails suggest that Spiegel and co-founder, Bobby Murphy, may have divided up $40 million from a deal with Tencent between them. Lynton was irked because he wasn’t informed about what Spiegel was doing and felt left out of the loop.
And that brings us to the hack that occurred a few days ago. In this one, the company claims that only employee data was compromised. The company blog claims,
“We’re a company that takes privacy and security seriously. So it’s with real remorse–and embarrassment–that one of our employees fell for a phishing scam and revealed some payroll information about our employees. The good news is that our servers were not breached, and our users’ data was totally unaffected by this…we’re just impossibly sorry.”
Is being “impossibly sorry” a good thing or a bad thing?
Apparently, one of the employees in the payroll department fell victim to a well-designed phishing, or spear phishing, email that looked like it came from Spiegel. Although the company claims no user data was compromised, if this was a well-designed breach, elements of it could still remain hidden in the system. Besides, these compromised employees could be targeted for future phishing attacks using the information the hacker(s) stole.
In 2014, the U.S. Federal Trade Commission filed a suit against Snapchat and forced it to upgrade its security. Snapchat has since established a bug bounty program which will pay those who find vulnerabilities up to $10,000. These measures may have helped Snapchat become more secure; however, they cannot stop phishing attacks like the one that compromised the employee in the recent attack.
Snapchat writes that “our hope is that we never have to write a blog post like this again.” Unfortunately, it will take more than hope to keep them from being repeatedly hacked. They are simply too high profile and have control of too much valuable data. With the addition of Snapcash, which allows users to transfer money to friends after giving up their credit card and PayPal details, the app is under threat, no matter how much they may hope that they will not be. In other words, look for more hacks in the near future.