Blog post -
How hacking can cause a comms crisis. Snapchat, LinkedIn & Evernote
Being hacked represents not only a huge operational risk to most businesses but also, from a comms perspective, one of the biggest potential risks to an organisation’s reputation. Being hacked happens without warning and takes everyone by surprise. In the immediate aftermath of the hack being revealed, there can be a shortage of information about what has happened.
And so, at the time when you need to be providing your customers, shareholders and other external audiences with facts about the cause of the hack and how you’re going to fix it, you may be in the very early stages of figuring it all out. Furthermore, if key individuals in the business are away, the company can easily find itself in a meltdown with general internal panic and lack of focus. And finally, from a customer perspective, the prospect of your personal data in the hands of criminals is a frightening thought and can lead to extremely angry online reactions.
Snapchat, LinkedIn & Evernote: How They Reacted To Hackings.
Snapchat
In late 2013, photo sharing app Snapchat, the hotshot of the tech world, found itself embroiled in what was to be the start of a series of hacking related scandals. Security research group Gibson Sec published an update on their site revealing a flaw in Snapchat’s system that they said they’d alerted Snapchat to but that the firm had chosen to ignore. Snapchat themselves appeared to reference this in a blog post dated a few days later although they dismissed that there was any serious problem (a post that TechCrunch went on to call ‘a skimpy statement’).
A few days later it appeared that a group of hackers exploited the Gibson Sec information to perform a hack that resulted in data for over 4.6million Snapchat users being downloaded and posted online. Understandably, there were numerous pieces of media coverage and Snapchat found themselves having to reassure users that there wasn’t an issue with their app.
A year later Snapchat and hacking were once again in the headlines when a large number of photos, said to be taken from the app, were leaked online. Snapchat were quick to distance themselves from the event claiming that the hack was not of Snapchat itself but of a 3rd-party tool, something that is forbidden in Snapchat’s terms of use. A website called Snapsaved admitted to the New York Times that they were behind the tool and that their servers had indeed been breached.
Despite this it’s arguable that for many users, the message they took away from the incident was that once again Snapchat had proved to be not as secure as it should be.
One effect of these events and arguably, as a result of Snapchat’s fairly low key reaction to them, is that when Snapchat founder Evan Spiegel’s own emails were hacked as part of a scandal involving Sony, the media had very little sympathy.
Social network LinkedIn also suffered at the hands of hackers. LinkedIn was slow to respond when accusations were made that account details of 6 million of its users were hacked and posted online. Many press reports criticised LinkedIn for being slow to respond, with tech blog Gigaom saying that the company, “continues to do remarkably little to tell its users about what exactly is going on.”
Evernote
Productivity tool Evernote faired marginally better in assessments of its handling of their hacking crisis, with this commentary piece from The Drum noting that they had acted fast by informing users of the hack and explaining that they had implemented a password reset for all customers. However, it went on to mention the rather stock answer approach of one of their online support staff and that since the initial update there hadn’t been any further official communication from the company.
It’s difficult to assess how much long-term reputational damage is caused by hacking scandals and it can also depend on the nature of the hack. But how well or badly a company deals with being hacked can certainly cause users to think twice about whether or not to continue using that company’s app or service. And while it’s not usually possibly to see it coming, having a clear plan of action for what to do if a hacking crisis does occur will make it much more likely that an organisation will come out of it with their reputation dented but not destroyed.