Now, over the weekend, Snapchat users have suffered a spate of SnapSpam. "Waves and waves of spam are about to destroy @Snapchat I think. Due to the username leak, I assume. Anyone else inundated with spam?" tweeted Jordan Munson. "Well my Snapchat session just now consisted of over 50% spam so I guess that's that," tweeted Jacqui Cheng.
This time, with the spam problem, Snapchat has got its apology in fast – if a bit briefly. Firstly it said that it did not believe the spam issue was related to the data leak, although it does not say how or why it has come to this conclusion. The published database had the last two digits of the phone numbers removed; but that would hardly stop determined adversaries from finding the full numbers. Furthermore, the original hackers have the full numbers, and nobody can know whether it was given or sold, in full, to other groups.
The Snapchat apology goes on to say, "While we expect to minimize spam, it is the consequence of a quickly growing service." (Snapchat's own emphasis.) This is raising a few eyebrows – it's telling users that they have to expect spam since it simply proves is that Snapchat is a quickly growing service. Unfortunately, it's almost exactly what Snapchat said back in April 2013. Ten months ago it said, "Spam is a problem on many services with large audiences... we’re working on a long term solution to prevent spam from entering your feed. In the meantime, please adjust your settings to determine who can send you snaps. For a spam-free experience we recommend 'Only My Friends.'"
This time it says, "To help prevent spam from entering your feed, you can adjust your settings to determine who can send you Snaps. We recommend 'Only My Friends.'”
Clearly not much progress has been made in those 10 months. Andrew Conway, a researcher at Cloudmark, has blogged on the issue, pointing out that "you can still receive a spam friend request with a pending snap attached."
In fact, Symantec discussed this issue in December. "Despite the app offering privacy settings to only allow snaps from friends, users can still receive add requests from unknown users." Symantec was looking at a particular Snapchat spam campaign. "If a user accepts one of these requests, they will receive a spam snap of a nude woman. While the photo may vary, each snap includes the caption, “Add me on KIK for nudes swap ;)” along with a username on Kik Messenger, an instant messaging application for mobile devices."
But Conway points out that Snapchat isn't merely bad at preventing spam – it also makes it difficult for users to report it. The web-based reporting page "is buried three levels deep and requires you to log in with your Snapchat username and password. Then you have to copy the information from the spam you received into a dialogue box to submit it... Sorry, Snapchat, but the spammers have automated everything, you need to do the same."
Conway suggests that a 'Report Spam' button should be built into the app itself. Until then, he says, "I have a hard time believing that Snapchat spam is an inevitable consequence of growth rather than the result of Snapchat’s indifference."