But the company is essentially getting a slap on the wrist. It has to allow independent privacy auditors to inspect the company for the next 20 years, and it was forced to promise it will be more forthright with customers. That's about it.
For instance, Snapchat photos have a self-destruct timer. But recipients could get around the auto-destruct by saving an image of what was on the screen.
The company also had said it took appropriate security measures to keep the information safe. However, "disappearing" videos didn't actually vanish. They were stored, unencrypted, on phones. That meant anyone could just plug a device into a computer and play the files.
Snapchat was also quietly collecting information about its customers. The company promised it wouldn't track users, but it surreptitiously followed an Android phone's every move. It also uploaded entire contact lists from iPhones without letting a customer know.
That blew up in the company's face when hackers stole the contact information for 4.6 million Snapchat users and posted their usernames and partial phone numbers online.
"If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises," FTC Chairwoman Edith Ramirez said in a statement.
"While we were focused on building, some things didn't get the attention they could have. One of those was being more precise with how we communicated with the Snapchat community," the company said on its blog.