The last Snapchat nude photo leak shows the vulnerability of the Cloud as well as the failure of businesses to take responsibility for their penetrable cloud service(s)
“First, it was the iCloud celebrity nude photo hack, yesterday it was the Snapchat nude photo hack. What will it be tomorrow?”, many have asked regarding what is becoming a new growing awareness about the risks and dangers of cloud technology.
This kind of question shows that a number of consumers are putting the pieces together to make up their minds about whether or not “the cloud” is safe to use – and whether or not they should risk putting something on the Web (such as their children’s photos, or photos of their spouse, for example) that could come back to haunt them on “4chan” or some other social site later in life.
We can blame Apple for the iCloud hack and say that Apple’s lack of cloud security is what contributed to the celebrity hack. And, it’s likely the case that Apple could do more on the cloud front to make its iCloud service better for users. After all, Apple went on record as saying that the company didn’t have a loophole in its cloud service and that it was “cooperating with authorities” – only to turn around within days and issue an update for iOS users that was designed to boost cloud security. So, which is it? Was Apple responsible for the iCloud celebrity nude photo hack or not? Apple says no, but issuing the update within days of the accusation makes the company somewhat suspect.
In the case of Snapchat, the company finds itself warding off blame for the nude photo hack because it wants to maintain the confidence and numbers of its customer base. This is the same thing that happened with the JPMorgan Chase 90-server hack from earlier this month, or the Target hack attack from last November around Thanksgiving: the last thing any company wants to do whenever it’s attacked is take responsibility and say, “We’re guilty of not protecting or encrypting your data so that you don’t become a hack or data theft victim.”
Snapchat blames third-party apps, but there are a number of third-party apps that are not hacked into on a daily basis. Maybe a third-party app or website such as SnapSaved is to blame in this case, but Snapchat shouldn’t be so quick to blame third-party apps – particularly if the company wants to retain customers who do use third-party apps. Not all third-party apps are bad, and it’s likely that at least 1 customer had his or her photos hacked into with Snapchat who uses only authorized third-party apps.
What I’d like to see is more companies that provide cloud services come forward in hack events and place blame where it belongs: on themselves. This isn’t to say that the hackers aren’t responsible for their actions, nor is it to say that any company with cloud services couldn’t witness a hack attack on its own servers. What it does show is that Apple, Snapchat, and others cannot provide cloud services “in the dark” without alerting consumers as to the risks and vulnerabilities of cloud technology.
In the end, the cloud is vulnerable. The World Wide Web is vulnerable. But even these vulnerabilities do not free companies who offer services in the cloud from taking responsibility when things fall apart. My mother’s statement that “saying the two words ‘I’m sorry’ is a tall order for adults” still holds true with businesses.