Snapchat is getting a slap on the wrist from the Federal Trade Commission for allegedly deceptive marketing and a security breach earlier this year that compromised the data of 4.6 million of its users. The startup, which in the past has said that the photo messages people send on its service “disappear forever,” agreed to settle with the FTC over allegations that its app didn’t perform as advertised.
More serious was the way Snapchat handled users’ phone numbers. According to the FTC, Snapchat accessed the names and phone numbers of its users’ friends without telling them on Apple devices until iOS 6 was introduced. Security lapses in Snapchat’s “Find Friends” feature led to people inadvertently sending snaps to strangers using numbers that didn’t belong to them. “Find Friends” security flaws also allowed attackers to compile a database of 4.6 million users’ names and phone numbers and post it online in January.
Snapchat, which has not formally admitted any wrongdoing, will be subject to a number of privacy requirements over the next 20 years. The company will have to be more transparent in explaining to users how their messages can be accessed, and it must launch a wide-ranging privacy program to ensure users’ data is protected. Snapchat will be subject to privacy reviews every two years to assess its compliance with the FTC’s rules. Violation of the agreement could result in fines of up to $16,000 per transgression.
Getting dinged by the FTC has become something of a rite of passage for social startups. Twitter and Facebook are currently serving similar 20-year sentences under the government agency’s watchful eye.