The government also took issue with Snapchat's lack of limits on account creation, which it said was the precise cause of a major Snapchat data breach. "From September 2011 to December 2013, Snapchat failed to implement effective restrictions on the number of Find Friend requests that any one account could make to its API. Furthermore, Snapchat failed to implement any restrictions on serial and automated account creation. As a result of these failures, in December 2013, attackers were able to use multiple accounts to send millions of Find Friend requests using randomly generated phone numbers. The attackers were able to compile a database of 4.6 million Snapchat usernames and the associated mobile phone numbers. The exposure of usernames and mobile phone numbers could lead to costly spam, phishing, and other unsolicited communications."
Snapchat's defense for all of this? "When we started building Snapchat, we were focused on developing a unique, fast, and fun way to communicate with photos. We learned a lot during those early days. One of the ways we learned was by making mistakes, acknowledging them, and fixing them," a Snapchat statement said. "While we were focused on building, some things didn't get the attention they could have." Didn't get the attention they could have? That makes it sound like inadvertent holes weren't noticed. Grabbing the customer data without saying anything? Touting the disappearing images knowing they sometimes didn't? It doesn't look like a lack of attention. It reads far more like it got a whole lot of the wrong kind of attention. The "let's see how much we can get away with" kind of attention.
Some of the false claims rested on statements that the company knew to be not true. Snapchat said there was no way for an image to be seen after the pre-selected time expired, but it knew at the time of quite a few ways to do so, including apps designed for that purpose. How easy was it to get around the screenshot detection? The FTC made a good case that it was stunningly easy: "On versions of iOS prior to iOS 7, the recipient need only double press the device's Home button in rapid succession to evade the detection mechanism and take a screenshot of any snap without the sender being notified. This method was widely publicized."
In short, the attribute that is most identified with Snapchat — that an image will disappear forever after a few seconds — was bogus. Oh, it works well enough if the recipient plays by the rules and stays within the app. But consumers can't rely on message recipients to do that. They trusted Snapchat. Their bad.
Sign up for CIO Asia eNewsletters.