Microsoft Subnet An independent Microsoft community View more

The Snappening: Snapsaved admits to hack that leaked SnapChat photos

Third-party app Snapsaved took responsibly for being hacked, and that's how Snapchat photos were leaked.

Snapsaved
Credit: Snapsaved

The Snappening, a result of Snapchat users trusting the third-party app Snapsaved to save content, means the private photos and videos of as many as 200,000 Snapchatters is the newest massive collection of private photos in the hands of pervs strangers.

Since 4Chan dubbed the hack “The Snappening,” various articles claim the collection of photos and videos to be between 90,000 and 200,000. That’s a far cry from all Snapchat users, since the leaked photos came from people who used the third-party app Snapsaved that allowed them to store Snapchat pictures.

After a Snapsaved admin was accused of compiling “a full directory of the content and uploaded it to an un-indexed website where you could freely download it,” Snapsaved issued a statement on Saturday:

"snapsaved.com was hacked, the dictionary index the poster is referring to, was never publicly available. We had a misconfiguration in our Apache server. Snapchat has not been hacked, and these images do not originate from their database.”

After discovering the breach, which involved “500MB of images and 0 personal information,” Snapsaved “deleted the entire website and database associated with it.” Furthermore, “The Snappening” is a “hoax. The hacker does not have sufficient information to live up to his claims of creating a searchable database.”

There may not be a searchable database, but social media strategist Kenny Withers grabbed screenshots off 4chan to “catalog” the Snappening as the sequel to the Fappening unfolded.

The Snappening 4chan

A person claiming to be the original leaker said he would not be sharing the images, most of which “are of normal ever day activities; walking to school, showing off your new haircut or cooking a meal.” He added on Pastebin:

I now wish to address the current content holders and possible collectors of this media. Consider for a moment the images of 200,000 people being leaked at once. Do you think that’s a good thing for the Internet? Do you think that will keep our Internet free? I understand there was already a partial leak of videos and images earlier today. I want possible downloaders of this content to understand that this is personal privacy we are invading. I don’t want to come off as a social justice warrior but we constantly fight on a daily basis for Internet freedoms. If this content is posted/leaked it will just be playing into the hands of the individuals who wish to actively monitor all Internet activity. Please for the sake of the Internet we enjoy and love every day, do not leak this content.

Well, that’s a peachy sentiment about personal privacy ironically coming from someone who supposedly started the leak. Since teenagers are Snapchat’s biggest users, then surely some of those photos are risqué enough to be considered child porn. Even if none of them are, but the users believed the photos would poof, what right does anyone have to access and share them?

Security researcher Jonathan Zdziarski explained why self-expiring messaging apps, “such as Snapchat, and others who rely on client-side logic,” are not trustworthy. “In plain English, it means that Snapchat, as well as any other self-expiring messaging app in the App Store, can be hacked (by the recipient) to not expire the photos and messages you send them.” After going into technical details, Zdziarski added:

The moral of the story for developers is simply this: don’t trust end users, and that includes your code running on their devices.

The moral of the story for end users is: don’t trust developers, and refrain from sending content to people whom you don’t trust.

Although SnapChat released a statement insisting that it was not hacked, and claiming “Snapchatters were victimized by their use of third-party apps to send and receive Snaps,” the company might be wise to address the issue of dangerous third-party apps on its blog.

PR damage-control is standard operating procedure, even if it doesn’t go so far as an apology, as was the case with Microsoft CEO Satya Nadella who later said he was “completely wrong” when suggesting women should avoid asking for a raise.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.