byMs. Smith
Opinion
13 Oct 20144 mins
Data and Information SecurityData BreachMicrosoft
Third-party app Snapsaved took responsibly for being hacked, and that's how Snapchat photos were leaked.
The Snappening, a result of Snapchat users trusting the third-party app Snapsaved to save content, means the private photos and videos of as many as 200,000 Snapchatters is the newest massive collection of private photos in the hands of pervs strangers.
Since 4Chan dubbed the hack “The Snappening,” various articles claim the collection of photos and videos to be between 90,000 and 200,000. That’s a far cry from all Snapchat users, since the leaked photos came from people who used the third-party app Snapsaved that allowed them to store Snapchat pictures.
After a Snapsaved admin was accused of compiling “a full directory of the content and uploaded it to an un-indexed website where you could freely download it,” Snapsaved issued a statement on Saturday:
“snapsaved.com was hacked, the dictionary index the poster is referring to, was never publicly available. We had a misconfiguration in our Apache server. Snapchat has not been hacked, and these images do not originate from their database.”
After discovering the breach, which involved “500MB of images and 0 personal information,” Snapsaved “deleted the entire website and database associated with it.” Furthermore, “The Snappening” is a “hoax. The hacker does not have sufficient information to live up to his claims of creating a searchable database.”
There may not be a searchable database, but social media strategist Kenny Withers grabbed screenshots off 4chan to “catalog” the Snappening as the sequel to the Fappening unfolded.
4chanA person claiming to be the original leaker said he would not be sharing the images, most of which “are of normal ever day activities; walking to school, showing off your new haircut or cooking a meal.” He added on Pastebin:
I now wish to address the current content holders and possible collectors of this media. Consider for a moment the images of 200,000 people being leaked at once. Do you think that’s a good thing for the Internet? Do you think that will keep our Internet free? I understand there was already a partial leak of videos and images earlier today. I want possible downloaders of this content to understand that this is personal privacy we are invading. I don’t want to come off as a social justice warrior but we constantly fight on a daily basis for Internet freedoms. If this content is posted/leaked it will just be playing into the hands of the individuals who wish to actively monitor all Internet activity. Please for the sake of the Internet we enjoy and love every day, do not leak this content.
Well, that’s a peachy sentiment about personal privacy ironically coming from someone who supposedly started the leak. Since teenagers are Snapchat’s biggest users, then surely some of those photos are risqué enough to be considered child p*rn. Even if none of them are, but the users believed the photos would poof, what right does anyone have to access and share them?
Security researcher Jonathan Zdziarski explained why self-expiring messaging apps, “such as Snapchat, and others who rely on client-side logic,” are not trustworthy. “In plain English, it means that Snapchat, as well as any other self-expiring messaging app in the App Store, can be hacked (by the recipient) to not expire the photos and messages you send them.” After going into technical details, Zdziarski added:
The moral of the story for developers is simply this: don’t trust end users, and that includes your code running on their devices.
The moral of the story for end users is: don’t trust developers, and refrain from sending content to people whom you don’t trust.
Although SnapChat released a statement insisting that it was not hacked, and claiming “Snapchatters were victimized by their use of third-party apps to send and receive Snaps,” the company might be wise to address the issue of dangerous third-party apps on its blog.
PR damage-control is standard operating procedure, even if it doesn’t go so far as an apology, as was the case with Microsoft CEO Satya Nadella who later said he was “completely wrong” when suggesting women should avoid asking for a raise.
Related content
- newsResearcher discovers exposed ServiceBridge database Over 31 million documents from the field service management provider were left open to the internet.By Howard Solomon26 Aug 20244 minsData and Information Security
- featureIs the vulnerability disclosure process glitched? How CISOs are being left in the dark Better communication and collaboration between researchers and vendors and improved bug reporting mechanisms could help address confusing and sometimes wholly suppressed bug reports. By Cynthia Brumfield26 Aug 202410 minsCSO and CISOThreat and Vulnerability ManagementData and Information Security
- newsAWS environments compromised through exposed .env files Attackers collected Amazon Web Services keys and access tokens to various cloud services from environment variables insecurely stored in tens of thousands of web applications.By Lucian Constantin22 Aug 20247 minsData BreachAWS LambdaData and Information Security
- how-to3 key strategies for mitigating non-human identity risks For every 1,000 human users, most networks have around 10,000 NHIs, and that can be a huge task to manage. Here are 3 fundamental areas to focus on when securing NHIs. By Chris Hughes22 Aug 20246 minsData and Information SecurityIdentity and Access ManagementRisk Management
- PODCASTS
- VIDEOS
- RESOURCES
- EVENTS
SUBSCRIBE TO OUR NEWSLETTER
From our editors straight to your inbox
Get started by entering your email address below.
