Snapchat has clammed up after being hit by hackers. That’s not good.

Snapchat's been in lockdown mode ever since news broke Wednesday of a hack that exposed millions of user accounts and phone numbers.

This is unusual for a tech company that's attracted glowing trend pieces from the tech media, and grabbed the limelight when it rebuffed Mark Zuckerberg's offer of a $3 billion buyout. We've heard barely anything from Snapchat on the incident — and that's a huge problem.

The latest saga began on Christmas, when researchers at the Australia-based Gibson Security publicly reported a vulnerability in Snapchat that potentially lets attackers use the Snapchat API to determine the phone numbers tied to usernames. But Snapchat did not reply directly to Gibson Security, and waited for two days before writing a blog post alluding to the notice. It didn't say that the exploit had been fixed — just that it had thrown up some roadblocks.

Now, one hack and almost a week later, that Dec. 27 post is still the most recent one on Snapchat's Tumblr. The company hasn't tweeted anything acknowledging the incident. More than 24 hours after the hack the fix failed to prevent, Snapchat still hasn't responded to my request for a comment. Nor has it offered a substantive reply to any other reporter; Wednesday night, CEO Evan Spiegel simply left a cryptic message on Twitter:

Snapchat's radio silence is worrisome. While the data breach wasn't especially serious — we're not talking about Social Security numbers or credit-card information — its failure to admit explicitly that an intrusion took place, or to communicate to users quickly after the attack, adds to the impression of Snapchat as a fratty, insensitive and bro-infested company that couldn't care less about your privacy and security. This was the it-company of 2013?

That Snapchat's first instinct is to say they've contacted law enforcement is also telling. It suggests what they think is most important is catching the culprits. But the damage is already done; punishing the hackers isn't going to magically obscure again the millions of phone numbers and usernames that got exposed. Arguably more important is making sure that the next patch holds — and saying so to the rest of us.

It's a pretty low bar that Snapchat has to clear. It should probably apologize, eventually. But in the opening days of a crisis, at least just tell us what happened and how you're fixing it.

Brian Fung covers technology for The Washington Post, focusing on telecommunications and the Internet. Before joining the Post, he was the technology correspondent for National Journal and an associate editor at the Atlantic.

business/technology

the-switch

Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Comments
Show Comments
Most Read Business

business/technology

the-switch

Success! Check your inbox for details.

See all newsletters

Next Story
Brian Fung · January 2, 2014

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.