News broke this morning of a massive leak of photos and videos, many of which containing images of minors, of users of the service Snapchat, which is designed to delete all content automatically after it's been viewed by the intended recipients. Some are claiming that more than 200,000 user accounts were affected.
Although not denying the hack involves the photos and videos of its users, Snapchat was quick to deflect responsibility. In a statement provided to VentureBeat, Snapchat confirmed that its servers were not hacked and claimed the leak was the result of a third-party Snapchat client designed to store images, videos, and the user names that correspond with each of them.
Some have pointed to an Android app called SnapSave that allows users to save images and videos before Snapchat automatically deleted them. However, Business Insider reports that an anonymous source pointed to a desktop website, SnapSaved.com, that offered a similar Snapchat storage service and which just happens to have shut down earlier this year. In either case, it remains unclear whether these third-party Snapchat services were designed solely for the purpose of collecting and eventually releasing Snapchat images or if rogue hackers went after these services and breached their servers on their own.
So, until more details on the hack are released, let’s assess who will be blamed for what in the fallout of a leak that could result in serious criminal charges.
Third-party Snapchat clients
If these apps were developed with the intent of duping Snapchat users, many of whom are teenagers, into storing sensitive photos and videos on a website or app just so they could leak them on the site, then it’s pretty clear that those behind it are Public Enemy No. 1 in this case.
The statement provided to VentureBeat pretty adamantly places the blame on these third-part clients, but that doesn’t mean the company's hands are clean.
One issue that stands out is that Snapchat users are not made aware when their photos and videos are sent to users of these third-party services that the company has condemned, as a BGR report pointed out. Often ignored in the conversation over Snapchat is that users can still capture screenshots of their smartphones or tablets before a Snapchat image has expired. Snapchat’s solution to this is to automatically notify the sender which user captured a screenshot of which image. That way, the user knows that the recipient stored the image. If legitimate Snapchat users send images or videos to third-party services that do the same thing, shouldn’t the service let them know?
This isn’t to blame the victims of the leak who unwittingly sent Snapchats to users employing services that stored them, nor to place any judgment on anyone for what they do with their personal devices.
But some blame has to be put on the users who download a third-party client for a service that they use for such private purposes. If nothing else, this will just be another sign that the use and capability of consumer technology is far outpacing understanding of how it works. How many high schools and middle schools offer any guidance on safe ways to use technology? And among those that do, how up to date are they?