Security News
Get Scanguard Login

Snapchat Map Vandalism Proves the Risk of Crowdsourced Data

Snapchat suffered embarrassment at the end of August when New York was renamed ‘Jewtropolis’ by an unknown person

Published by Claire Broadley

The company said that the issue was fixed within an hour of it being spotted. It was one of several malicious attempts to change the map, but it appears to be the only successful one.

This wasn’t a hack in the traditional sense. It was a user simply exploiting the user contribution system in its Snap Map feature, and being ‘lucky’ enough to have their edit accepted.

Photo by Fikri Rasyid on Unsplash

However, it does flag up how ill-equipped some companies are to cope with massive amounts of contributed data in apps like mapping, and how small mistakes can lead to offence and disruption.

Who’s Responsible For Our Maps?

The mapping technology that Snapchat uses is owned by Mapbox, and it pulls in its actual mapping data from OpenStreetMap. Snapchat says that the edit was made on the OpenStreetMap originally, but the blame lies with Mapbox for allowing it to be published on its mapping services.

In theory, when the Mapbox system detects an edit from a user that could be offensive, it routes it for review by a human. Unfortunately, in this case, it appears that the edit was flagged correctly but allowed through onto the live map.

 

Photo by NESA by Makers on Unsplash

When the name of one of the world’s most prominent cities can be changed on a map by accident, it would suggest that the system isn’t capable of dealine with the sheer volume of edits that are submitted. Just one small edit like this can quickly replicate all over the web; the same edit also appeared on some lesser-known apps, including software used to rent out bikes in major cities.

Mapbox sprung into action and published a blog post on Medium condemning the issue, but also admitted that its human verification system had failed to spot the change.

How Can We Better Protect Map Data?

Many services like OpenStreetMap and Google allow user edits to maps, and Mapbox isn’t the first provider to fall foul of this problem; Google’s had its fair share of issues.

But if we are to protect the integrity of data that the entire world uses, mapping companies need to get a lot better at picking out edits that are clearly offensive or designed to cause issues for businesses and other users. This is an ongoing challenge for mapping companies that accept changes and updates from anyone that cares to contribute.

The Guardian notes the case of Serbian Crown, a restaurant in the USA, which was forced to close after someone maliciously altered its opening hours on Google, causing a 75% drop in trade practically overnight. It’s thought that the hack deliberately targeted the business and wasn’t spotted until it was too late.

Despite the fact that Snapchat technically wasn’t responsible for the offensive map change, it received a huge amount of negative press, with some mainstream media outlets condemning its ‘antisemitic’ content.