byMs. Smith
Opinion
Oct 13, 20144 mins
Data and Information SecurityData BreachMicrosoft
Third-party app Snapsaved took responsibly for being hacked, and that's how Snapchat photos were leaked.
The Snappening, a result of Snapchat users trusting the third-party app Snapsaved to save content, means the private photos and videos of as many as 200,000 Snapchatters is the newest massive collection of private photos in the hands of pervs strangers.
Since 4Chan dubbed the hack “The Snappening,” various articles claim the collection of photos and videos to be between 90,000 and 200,000. That’s a far cry from all Snapchat users, since the leaked photos came from people who used the third-party app Snapsaved that allowed them to store Snapchat pictures.
After a Snapsaved admin was accused of compiling “a full directory of the content and uploaded it to an un-indexed website where you could freely download it,” Snapsaved issued a statement on Saturday:
“snapsaved.com was hacked, the dictionary index the poster is referring to, was never publicly available. We had a misconfiguration in our Apache server. Snapchat has not been hacked, and these images do not originate from their database.”
After discovering the breach, which involved “500MB of images and 0 personal information,” Snapsaved “deleted the entire website and database associated with it.” Furthermore, “The Snappening” is a “hoax. The hacker does not have sufficient information to live up to his claims of creating a searchable database.”
There may not be a searchable database, but social media strategist Kenny Withers grabbed screenshots off 4chan to “catalog” the Snappening as the sequel to the Fappening unfolded.
4chanA person claiming to be the original leaker said he would not be sharing the images, most of which “are of normal ever day activities; walking to school, showing off your new haircut or cooking a meal.” He added on Pastebin:
I now wish to address the current content holders and possible collectors of this media. Consider for a moment the images of 200,000 people being leaked at once. Do you think that’s a good thing for the Internet? Do you think that will keep our Internet free? I understand there was already a partial leak of videos and images earlier today. I want possible downloaders of this content to understand that this is personal privacy we are invading. I don’t want to come off as a social justice warrior but we constantly fight on a daily basis for Internet freedoms. If this content is posted/leaked it will just be playing into the hands of the individuals who wish to actively monitor all Internet activity. Please for the sake of the Internet we enjoy and love every day, do not leak this content.
Well, that’s a peachy sentiment about personal privacy ironically coming from someone who supposedly started the leak. Since teenagers are Snapchat’s biggest users, then surely some of those photos are risqué enough to be considered child p*rn. Even if none of them are, but the users believed the photos would poof, what right does anyone have to access and share them?
Security researcher Jonathan Zdziarski explained why self-expiring messaging apps, “such as Snapchat, and others who rely on client-side logic,” are not trustworthy. “In plain English, it means that Snapchat, as well as any other self-expiring messaging app in the App Store, can be hacked (by the recipient) to not expire the photos and messages you send them.” After going into technical details, Zdziarski added:
The moral of the story for developers is simply this: don’t trust end users, and that includes your code running on their devices.
The moral of the story for end users is: don’t trust developers, and refrain from sending content to people whom you don’t trust.
Although SnapChat released a statement insisting that it was not hacked, and claiming “Snapchatters were victimized by their use of third-party apps to send and receive Snaps,” the company might be wise to address the issue of dangerous third-party apps on its blog.
PR damage-control is standard operating procedure, even if it doesn’t go so far as an apology, as was the case with Microsoft CEO Satya Nadella who later said he was “completely wrong” when suggesting women should avoid asking for a raise.
Related content
- newsDow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server.ByMs. SmithFeb 28, 20194 minsData BreachHackingSecurity
- newsRansomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently.ByMs. SmithFeb 27, 20194 minsRansomwareSecurity
- newsBare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks.ByMs. SmithFeb 26, 20193 minsCloud ComputingSecurity
- newsMeet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VRByMs. SmithFeb 21, 20194 minsHackingVulnerabilitiesSecurity
- PODCASTS
- VIDEOS
- RESOURCES
- EVENTS
SUBSCRIBE TO OUR NEWSLETTER
From our editors straight to your inbox
Get started by entering your email address below.
