According to the FTC, the security breach was in direct contradiction to promises made by the service around security and disappearing messages.
FTC Chairwoman Edith Ramirez had this to say:
Snapchat’s failure to secure its Find Friends feature resulted in a security breach that enabled attackers to compile a database of 4.6 million Snapchat usernames and phone numbers.”
If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises. Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.
This comes in response to a complaint filed by the Electronic Privacy Information Center last year.
Here’s what Snapchat had to say in an official blog post on the matter:
When we started building Snapchat, we were focused on developing a unique, fast, and fun way to communicate with photos. We learned a lot during those early days. One of the ways we learned was by making mistakes, acknowledging them, and fixing them.
We are devoted to promoting user privacy and giving Snapchatters control over how and with whom they communicate. That’s something we’ve always taken seriously, and always will.
Following Snapchat’s big data leak, the company came under fire for not responding to warnings made by security researchers and experts who had found a way to access Snapchat’s user data. Hopefully Snapchat has learned a lesson about being honest with its users, growing and keeping their trust, and protecting their information.
Re/Code reports that the FTC settlement prohibits Snapchat from “misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information.” It also requires that Snapchat re-draft its privacy program, as well as undergo independent monitoring for the next 20 years.