NEW YORK — Snapchat, the disappearing-message service popular with young people, has been quiet after a security breach that allowed hackers to collect the user names and phone numbers of about 4.6 million of its users.
Company spokeswoman Mary Ritti said Thursday that the company is assessing the situation but did not have further comment.
Many people use Snapchat because it feels more private than other messaging apps and social networks. Users can send each other photos and videos that disappear within a few seconds after they are viewed. While the recipient can take a screen shot of the message, a big draw of Snapchat is its ephemeral nature.
The breach occurred after security experts warned the company at least twice about a vulnerability in its system. Snapchat's seemingly detached response is causing some security specialists to wonder whether the relatively young company can handle the spotlight that it has been thrust into over the past year as its service becomes enormously popular.
In response to a warning by Gibson Security on Christmas Day — which followed an earlier alert in August — Snapchat said in a blog post last Friday that it had implemented "various safeguards" over the past year that would make it more difficult to steal large sets of phone numbers. Snapchat hasn't detailed the changes it made.
Even so, regarding Snapchat's response, Gartner security analyst Avivah Litan said it "doesn't seem that responsible to be so nonchalant about it."
As Americans rang in the New Year, hackers reportedly published 4.6 million Snapchat user names and phone numbers on a website called snapchatdb.info, which has since been suspended. The incident bruises the young company's image and may threaten its rapid growth. Los Angeles-based Snapchat has no source of revenue, but its rapid rise to an estimated 20 million U.S. adult users prompted Facebook to extend a reported $3 billion buyout last year. Snapchat's 23-year-old CEO, Evan Spiegel, turned down the overture.
The Snapchat breach comes just two weeks after Target was hit with a massive data security breach that affected as many as 40 million debit and credit card holders. Litan said phone numbers are not considered "sensitive" personally identifiable information — such as credit card or Social Security numbers — so they are collected by all sorts of companies to verify identities.