<img src="https://secure.seem3pick.com/198073.png" style="display:none;">

... And... It snapped again

Posted by Davide Palumbo on Wed, Oct 22, 2014

snappening oopsUnknown hackers are responsible for the leak of over 500MB images of Snapchat users. Videos and pictures of over 200,000 users were released on the Internet just a few days ago. Even if it has not been proven, it is suspected that the authors of the scam are somehow linked to those responsible for the posting in August of personal and often nude photos taken by hundreds of celebrities, including Jennifer Lawrence and Kim Kardashian.

According to the company’s privacy policy, Snapchat temporarily collects, processes and stores the secret messages sent over its servers, but the content is destined to disappear automatically as soon as it is viewed by the recipients. However, several services allow others to save photos or videos that have been created; just a few days after the breach first came to light, a quick search on Google Play and Apple's app store highlighted an impressive number of third party applications that promised to save Snapchat images and videos without the sender ever knowing (privacy issues).

Many of the services are easy to use and work the same way. Users simply log on to the service using their Snapchat credentials, and then they are free to save all the videos and photos they receive via Snapchat.

In a Reddit thread, SnapSaved.com has been indicated as the possible source of the Snapchat leak, and since then it has been taken offline. The website in fact allowed users to view the photos and the videos captured on a desktop computer, rather than just on a mobile phone. Unfortunately, the website also appeared to have been maliciously saving the users’ login details also, and storing the photos and videos that were posted.

Once the hackers were able to retrieve usernames and passwords, the site could authorize itself onto the Snapchat’s servers, and receive or send pictures viewed through it, and also store them without the knowledge of the users or Snapchat.JLawrence-1

In a Facebook post published Monday, Snapsaved.com confirmed the breach. "As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it". The company says the majority of their users are American, Swedish and Norwegian.

Meanwhile, this episode has raised the question of whether or not Snapchat has done enough to prevent third-party applications from accessing its API (Application Programming Interface). Snapchat has never officially allowed a third-party applications to access its API. However it is not difficult to reverse engineer.

Usually, an official API is created to allow third-party apps to access services like Twitter or Facebook, which have developed official APIs giving them the ability to track third-party applications and police their own platform with complete control. Unfortunately, Snapchat has not provided one. From here, programmers have figured out the characteristics on their own and created unofficial clones or utilities that send data over Snapchat’s network.

While Snapchat does not seem to be taking any responsibility for the leak of confidential data, it appears that the service has not been built considering users’ security as a primary concern. Even though Snapchat has stated that it is focusing their attention on the privacy of the users, a disclaimer posted on their website adds that "we cannot and do not represent or warrant that the services will always be secure or error-free or that the services will always function without delays, disruptions or imperfections." As a consequence, as long as Snapchat and third party apps are the hackers’ center of attention, there's no guarantee that your images will actually remain private.  

But if you follow these guidelines it may be helpful.

I could not have written this article without the help of the following sources:

  1. http://abcnews.go.com/Technology/hackers-private-photos-breaching-snapchats-servers/story?id=26156997
  2. http://www.usatoday.com/story/tech/2014/10/13/snapchat-leak/17184855/
  3. http://www.theguardian.com/technology/2014/oct/12/teenagers-snapchat-images-leaked-internet
  4. http://techcrunch.com/2014/10/14/snapchat-reminds-us-that-users-are-to-blame-for-photo-leaks/

Tags: Data Security

Subscribe to our BLOG

Recent Posts