Update on October 13, 2014: An anonymous developer at Snapsaved.com has admitted on Facebook that its website was indeed hacked, and that Snapchat itself was not. The images did not originate from Snapchat’s servers, but was due to a “misconfiguration in (Snapsaved.com’s) Apache server.”
“As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it. As far as we can tell, the breach has effected 500MB of images, and 0 personal information,” the developer wrote.
Snapsaved.com says that usernames were not leaked, and says “the hacker does not have sufficient information to live up to his claims of creating a searchable database,” denying the rumor on the 4chan bulletin board that such a database exists. “Our users had to consent to all the content they received via Snapsaved.com…we tried to cleanse the database of inappropriate images as often as possible.”
Original story: The central idea behind Snapchat — and the one that’s helped it gain ground on rivals such as Facebook and Twitter — is that anything you post disappears after a few seconds. However, third-party apps can be used to store these vanishing pictures and videos, and it looks like one of these add-ons has now caused a leak of over 100,000 private images.
Details of the hack are difficult to pin down as the sites hosting the content are eager to remain under the radar, with child pornography charges being just one of several potential legal repercussions for anyone caught with the images. A report by ArsTechnica’s Sean Gallagher suggests that 13GB of photos were collected and posted to 4chan, which has since taken steps to remove the relevant links.
Snapchat has commented on the issue but only to deny responsibility: “We can confirm that Snapchat’s servers were never breached, and were not the source of these leaks,” read a statement released to the press. “Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Service precisely because they compromise our users’ security.”
We can confirm that Snapchat’s servers were never breached and were not the source of these leaks.
— Snapchat (@Snapchat) October 10, 2014
It looks like the third-party website to blame is the now-defunct Snapsaved.com, which allowed users to save the snaps they received, though it’s not clear whether the plug-in was hacked or had malicious intentions all along. Snapchat does not have a public API but its code has been reverse-engineered to enable access by other developers.
The breach of security has been widely reported in the press, though in the wake of the nude celebrity photo hacking scandal it appears that those responsible are keeping as low a profile as possible this time around. As a result, we don’t know the specifics of the source of the leak or how much content has made it online, but it’s another reminder to think twice about the services and apps you use to store and transfer private material.
(This article was originally published on October 12, 2014.)
- 9 things to know about Facebook privacy and Cambridge Analytica
- Zuckerberg releases first statement on Cambridge Analytica, vows more security
- Equifax could make money from its own breach; 2.4 million more are exposed
- Verizon agrees, ransomware is the most popular form of malware
- Snapchat has undone its controversial redesign for a majority of iOS users