Snapchat's prompt statement on the massive reported increase in Snapchat spam over the weekend was interesting, but not unexpected. The obvious question is whether the recent upsurge is due to the Snapchat breach on New Year's Day. Snapchat's CEO has said that it is not.

In reality, it almost certainly has been affected by this, at least indirectly. The recent Snapchat breach has probably made more people conscious of any Snapchat security issue, so any influx of Snapchat spam was going to be reported in much greater numbers. Plus, it's likely that the Snapchat spammers were at least influenced by the breach's timing, either to delay the attack until now or to speed up the attack while perceived weaknesses are apparent. Also, the sheer size of Snapchat's user base - the snapchatdb breach allows credible estimates of nearly 33 million in the US alone (estimated by multiplying 10.4% by US population) - means that there is more knowledge about the size of a very tempting target.

The question is then what to do. I have a lot of sympathy for any communication system that starts experiencing spam in large numbers. Spam of any type, once it gets established, can be difficult to eliminate without the right security mechanisms. However, Snapchat's statement that spam is the feature of a quickly growing service is a curious one. While being the target of spammers is indicative of a large communications business, actually experiencing it should not be. It does not have to be accepted, and in Snapchat's case, the problem should not be insurmountable. As they operate essentially a closed system, they can implement mechanisms such as filtering to deal with spam centrally. Also, the newness of Snapchat helps; it means that the spammers may not have invested as much in putting in place systems to send 'snapspam', therefore their barriers to exit will not be as high. It is probable that reasonably basic defenses will make a big initial difference for Snapchat.

The next step would be to make available some easier form of snapspam reporting. While helpful, this is not an end in itself, as it will require constant monitoring, and the nature of Snapchat spam might affect it. Reported spam can have a very poor spam-to-noise ratio (the number of reported 'real' spam to various other reports), which generally means reports need to be verified, and that means dedicated resources. In addition, real Snapchat spam might be under-reported as well. SMS spam reporting consistently under-represents 'adult-like' messages - simply put, people do not seem to like reporting messages with adult content. This is likely to be experienced by Snapchat as well, further emphasising the need for an all-round snapspam blocking system, relying on multiple methods, to block malicious spamsnaps.

Thankfully, there is a whole industry in place to assist Snapchat; organisations like the GSMA and M3AAWG have done a lot of work in helping deal with spam and have the experience and expertise to advise Snapchat. It will also require a mindset and resources within Snapchat to start dealing with and addressing these issues daily, not just spam but all security issues in general. That is the sign of a growing service.