As Snapchat’s popularity has grown, so has its need to adopt proper security practices.
In the last two years the company — which was most recently valued at $US19 billion — faced a series of spam problems, issues with third-party applications accessing its API, and then one of the most publicized data breaches in recent memory.
Of late, the company has taken an extremely firm stance on security, including a strategy that may have affected innocent user accounts, according to a new interview on Backchannel.
In 2013, while the company was focusing on fixing other issues, a hacker noticed that anyone could easily link usernames and phone numbers. The hacker then posted this information online.
In dealing with this, Snapchat was faced with a huge uptick in spamming. Spam accounts would find the listed usernames and target them. To combat this, Snapchat’s engineers monitored and took down large numbers of Snapchat accounts.
Snapchat not only implemented short-term fixes but also crafted a long-term plan that employs “IP rate limiting,” an “automatic and aggressive” scheme that monitors input into the service. When Snapchat detects suspicious activity, it shuts down the Internet neighbourhood where the threat originates, even at the risk of affecting innocent users. “We were willing to cause a little bit of collateral damage to regular users to prevent the vast majority of spammers from taking us down from an abuse perspective,” says [Snapchat engineering VP Tim] Sehn.
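The trade-off Sehn describes can be seen in a small sketch. This is an added example, not Snapchat's code: it assumes the "neighbourhood" is a /24 (IPv4) or /64 (IPv6) prefix, and the class name, thresholds and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque


class NeighbourhoodLimiter:
    """Sliding-window limiter keyed on the client's network prefix, not its IP."""

    def __init__(self, max_requests=20, window=60.0, block_for=600.0,
                 v4_prefix=24, v6_prefix=64):
        # All thresholds are assumed values, chosen only for the demonstration.
        self.max_requests = max_requests
        self.window = window
        self.block_for = block_for
        self.prefix = {4: v4_prefix, 6: v6_prefix}
        self._hits = defaultdict(deque)   # network -> recent request times
        self._blocked_until = {}          # network -> time the block expires

    def network_of(self, ip):
        addr = ipaddress.ip_address(ip)
        return ipaddress.ip_network(f"{addr}/{self.prefix[addr.version]}", strict=False)

    def allow(self, ip, now):
        net = self.network_of(ip)
        if self._blocked_until.get(net, 0.0) > now:
            return False                  # whole prefix is blocked, whoever is asking
        hits = self._hits[net]
        while hits and hits[0] <= now - self.window:
            hits.popleft()                # drop requests that left the window
        hits.append(now)
        if len(hits) > self.max_requests:
            self._blocked_until[net] = now + self.block_for
            hits.clear()
            return False
        return True


def demo():
    lim = NeighbourhoodLimiter()
    # Constructed traffic: one address sends a request per second for 30 seconds.
    burst = [lim.allow("203.0.113.10", t) for t in range(30)]
    return {
        "burst_allowed": sum(burst),
        "neighbour_during_block": lim.allow("203.0.113.77", 40),  # collateral damage
        "other_network": lim.allow("198.51.100.5", 40),
        "neighbour_after_block": lim.allow("203.0.113.77", 700),
    }


if __name__ == "__main__":
    print(demo())
```

A user who never sent a suspicious request is refused only because of the prefix they share with the noisy address, and is served again once the block expires.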
This was one of many drastic actions Snapchat has taken to fight fake accounts and improve user security.
Now Snapchat has a much larger security team hailing from big tech companies like Amazon and Google. It tells this story as a way to explain how seriously it takes user privacy and security.
The company also wants users to know that it’s remorseful about past security problems, Backchannel writes. “I think one of the mistakes was not apologizing quickly enough,” said Sehn. “So I want to apologise to our users.”