(Repeats with no changes)
By Sarah McBride and Alexei Oreskovic
SAN FRANCISCO Oct 14 The prospect of tens of
thousands of potentially racy Snapchat photos hitting the
Internet has driven home a simple fact: the mobile app's core
feature - delivering photos and videos that vanish seconds after
viewing - is flawed.
The negative publicity surrounding that speculation has
spurred criticism about its lax security. But whether this will
affect the valuation of the 3-year-old Silicon Valley start-up
as it seeks another round of funding remains to be seen.
A range of venture capitalists and tech insiders say they
believe it will not, for now. One person close to the company's
fundraising efforts who asked not to be named said Snapchat is
still expecting a $10 billion valuation in the current funding
round, one of the startup industry's richest and the same level
being considered by investors before news of the breach surfaced
last week.
"Once a company is hot, investors will be keen to continue
investing unless the issue seems to be life-threatening," said
Anand Sanwal, chief executive of venture capital consultancy CB
Insights.
The brouhaha has not yet hurt the popularity of Snapchat
among teenagers, partly because no mass publication of leaked
photos has materialized. The messaging service remained among
the five most-downloaded photo and video apps over the weekend,
according to analytics service App Annie.
The issue arose last week when hacker forums claimed unknown
parties had created a file holding at least 100,000 stolen
Snapchat photos, including many of minors, that could end up
being posted online. The anticipated event, dubbed "the
snappening," was widely reported, including by Reuters.
While Snapchat said its servers were not breached, it
confirmed that rogue third-party apps have been storing its
users' pictures. That points to a longer-term challenge for the
Los Angeles company: its inability to fully block the external
parties it blames for undermining its business.
THE SNAPPENING
Even before any talk of "the snappening," security experts
were faulting Snapchat for what they call a cavalier approach
toward privacy, which may have given users a false sense of
comfort.
The third-party apps, which allow users to enter their
Snapchat password and log-in information, connect to the main
service and provide unauthorized features such as image-saving.
Such software can be pernicious since the people whose
pictures are stored are often unaware of the privacy breach by
the downloaders of the third-party apps.
Snapchat does not allow other apps to interact with its
service, but many developers manage to break the rules. The
company says it monitors for such "illegal" apps and has
succeeded in removing some culprits from Google and Apple app
stores.
One website, Snapsaved.com, claimed on Monday on its
Facebook page that its servers had been hacked and that
intruders had accessed its trove of Snapshot photos.
"Any application that isn't ours but claims to offer
Snapchat services violates our Terms of Use and can't be
trusted," Snapchat warned in a Tuesday blogpost.
But Snapchat should have been able to detect multiple
requests for information originating from external services, or
to detect when users were alternately logging on from different
apps, cybersecurity experts said.
In addition, Snapchat used very elementary encryption to
protect photos and videos on its service, said Chris Wysopal,
chief technology officer of Veracode, a firm specializing in
testing apps for security vulnerabilities.
Instead of requiring two separate cryptographic keys to
access images transmitted across Snapchat, the service relied on
a single universal key that unlocked everything, "the bare
minimum," he said.
"Someone who knew what they were doing, probably in a few
hours could reverse-engineer it, find the key and write a
program to decrypt the photos as they go over the network."
In May, Snapchat settled charges with U.S. regulators
accusing it of deceiving customers by promising that photos on
its service disappeared forever. The U.S. Federal Trade
Commission also faulted Snapchat for storing unencrypted videos
on users' phones, which could be accessed by connecting the
device to a personal computer.
Still, even the best security measures could leave Snapchat
playing an unwinnable cat-and-mouse game with hackers.
At a very basic level, Snapchat cannot stop anyone from
taking a photo of a photo. Anyone who receives a Snapchat image
on the phone can use another camera to capture the screen
picture, said Michael Coates, director of product security at
Shape Security.
Still, Snapchat may have little to worry in the near term,
at least on the valuation front, industry insiders say.
David Cowan, a partner at Bessemer Venture Partners, which
has not invested in Snapchat but has backed other consumer
startups like dating service Zoosk and online bulletin board
Pinterest, said Snapchat has little to worry about.
"These types of breaches will definitely stop people from
using Snapchat," Cowan said, "until they have a really cool
picture to share."
(Editing by Edwin Chan and Eric Effron; Editing by Richard
Chang)