200,000 naked Snapchat images leaked, after third-party hack

Are you, or is a member of your family, in the habit of exchanging intimate private pictures via Snapchat?

If so, I hope you won’t be relying on them remaining private.

Because, as has been known for some time, there will always be ways for Snapchat images to be preserved by recipients – even if you were hoping they would expire and delete themselves a few seconds after being viewed.

Now, in an event dubbed “the Snappening”, hackers have broken into the servers of a site called SnapSaved.com, one of several third-party services that have historically allowed Snapchat users to secretly save the images they have been sent.

So, if you have ever exposed your private parts to someone on Snapchat – there is a chance that your picture is now in the hands of hackers. Worse still, the images are allegedly linked to specific usernames – meaning that you might have even more embarrassment to look forward to.

And forget red faces, it could be worse than that. Many of the users of Snapchat are likely to be under the age of consent, and if they have taken intimate photographs of themselves it could technically qualify as child pornography – a point addressed in one 4Chan post.

On its Facebook page, SnapSaved.com posted a statement:

I would like to inform the public that snapsaved.com was hacked, the dictionary index the poster is referring to, was never publicly available. We had a misconfiguration in our Apache server. Snapchat has not been hacked, and these images do not originate from their database.

Snapsaved has always tried to fight child pornography, we have even gone as far, as to reporting some of our users to the Swedish and Norwegian authorities. As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it. As far as we can tell, the breach has affected 500MB of images, and 0 personal information from the database.

In an official statement given to the press, Snapchat washed its hands of any responsibility:

“We can confirm that Snapchat’s servers were never breached and were not the source of these leaks. Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed.”

To an extent you can sympathise with Snapchat’s viewpoint. They weren’t hacked, and they weren’t guilty of sloppy security (on this occasion at least, but don’t forget that Snapchat usernames and phone numbers have been exposed in the past…).

But more clearly needs to be done to remind Snapchat’s millions of users – many of whom are teenagers – of the dangers of sending intimate images that may later leave them humiliated or embarrassed if shared with unauthorised parties.

I suspect that many of Snapchat’s users have been lulled into a false sense of security, imagining that it is safe to share intimate images via the app and believing the marketing propaganda that suggests images will be safely erased forever within ten seconds.

At the time of writing, SnapSaved.com is inaccessible. Personally, I’d be quite happy for it to stay that way – and if Snapchat itself were to suffer a similar demise, I for one wouldn’t shed any tears.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
