byMs. Smith
Opinion
13 Oct 20144 mins
Data and Information SecurityData BreachMicrosoft
Third-party app Snapsaved took responsibly for being hacked, and that's how Snapchat photos were leaked.
The Snappening, a result of Snapchat users trusting the third-party app Snapsaved to save content, means the private photos and videos of as many as 200,000 Snapchatters is the newest massive collection of private photos in the hands of pervs strangers.
Since 4Chan dubbed the hack “The Snappening,” various articles claim the collection of photos and videos to be between 90,000 and 200,000. That’s a far cry from all Snapchat users, since the leaked photos came from people who used the third-party app Snapsaved that allowed them to store Snapchat pictures.
After a Snapsaved admin was accused of compiling “a full directory of the content and uploaded it to an un-indexed website where you could freely download it,” Snapsaved issued a statement on Saturday:
“snapsaved.com was hacked, the dictionary index the poster is referring to, was never publicly available. We had a misconfiguration in our Apache server. Snapchat has not been hacked, and these images do not originate from their database.”
After discovering the breach, which involved “500MB of images and 0 personal information,” Snapsaved “deleted the entire website and database associated with it.” Furthermore, “The Snappening” is a “hoax. The hacker does not have sufficient information to live up to his claims of creating a searchable database.”
There may not be a searchable database, but social media strategist Kenny Withers grabbed screenshots off 4chan to “catalog” the Snappening as the sequel to the Fappening unfolded.
4chanA person claiming to be the original leaker said he would not be sharing the images, most of which “are of normal ever day activities; walking to school, showing off your new haircut or cooking a meal.” He added on Pastebin:
I now wish to address the current content holders and possible collectors of this media. Consider for a moment the images of 200,000 people being leaked at once. Do you think that’s a good thing for the Internet? Do you think that will keep our Internet free? I understand there was already a partial leak of videos and images earlier today. I want possible downloaders of this content to understand that this is personal privacy we are invading. I don’t want to come off as a social justice warrior but we constantly fight on a daily basis for Internet freedoms. If this content is posted/leaked it will just be playing into the hands of the individuals who wish to actively monitor all Internet activity. Please for the sake of the Internet we enjoy and love every day, do not leak this content.
Well, that’s a peachy sentiment about personal privacy ironically coming from someone who supposedly started the leak. Since teenagers are Snapchat’s biggest users, then surely some of those photos are risqué enough to be considered child p*rn. Even if none of them are, but the users believed the photos would poof, what right does anyone have to access and share them?
Security researcher Jonathan Zdziarski explained why self-expiring messaging apps, “such as Snapchat, and others who rely on client-side logic,” are not trustworthy. “In plain English, it means that Snapchat, as well as any other self-expiring messaging app in the App Store, can be hacked (by the recipient) to not expire the photos and messages you send them.” After going into technical details, Zdziarski added:
The moral of the story for developers is simply this: don’t trust end users, and that includes your code running on their devices.
The moral of the story for end users is: don’t trust developers, and refrain from sending content to people whom you don’t trust.
Although SnapChat released a statement insisting that it was not hacked, and claiming “Snapchatters were victimized by their use of third-party apps to send and receive Snaps,” the company might be wise to address the issue of dangerous third-party apps on its blog.
PR damage-control is standard operating procedure, even if it doesn’t go so far as an apology, as was the case with Microsoft CEO Satya Nadella who later said he was “completely wrong” when suggesting women should avoid asking for a raise.
Related content
- newsAWS environments compromised through exposed .env files Attackers collected Amazon Web Services keys and access tokens to various cloud services from environment variables insecurely stored in tens of thousands of web applications.By Lucian Constantin18 Aug 20246 minsData BreachAWS LambdaData and Information Security
- feature6 IT risk assessment frameworks compared Formal risk assessment methodologies can help take guesswork out of evaluating IT risks if applied appropriately. Here are six to consider.By Bob Violino09 Aug 20249 minsData and Information SecurityROI and MetricsRisk Management
- newsBlack Hat: Latest news and insights The Black Hat series of international cybersecurity conferences brings together top IT security pros, researchers, and thought leaders to discuss the latest cyber techniques, vulnerabilities, threats, and more. Here’s the latest to know.By CSO Staff08 Aug 20244 minsAdvanced Persistent ThreatsWindows SecurityThreat and Vulnerability Management
- opinionYou’re not doing enough to educate insiders about data protection Given the deluge of news about hacks and attacks, cybersecurity’s focus on outside threats is understandable, but woe be to the CISO who doesn’t address inside risks early and often.By Christopher Burgess07 Aug 20246 minsCSO and CISOThreat and Vulnerability ManagementIT Training
- PODCASTS
- VIDEOS
- RESOURCES
- EVENTS
SUBSCRIBE TO OUR NEWSLETTER
From our editors straight to your inbox
Get started by entering your email address below.
