Last Friday, reports began to surface that hackers planned to release photos taken from the popular photo sharing service Snapchat's apps servers. The Snapchat app allows users to send photos that will appear for a specified number of seconds before disappearing.
However, the service has been plagued by third-party apps that enable users to save received photos without notifying the sender. In this leak, over 200,000 photos of unwitting Snapchat users were published to popular websites 4chan and Reddit, after a third-party app SnapSaved was reportedly hacked.
Leaked Photos Contained Nudity of Minors
A new website called TheSnappening.org published the leaked photos and was promptly shut down, though it had over 15 million views while it was live. Many of the photos are reported to contain nudity of minors.
In a prepared statement, a Snapchat spokesperson said, "Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users' security."
The third-party app in question is a service called SnapSaved.com, the owners of which said they were hacked. In a statement on their Facebook page, SnapSaved admitted, "We had a misconfiguration in our Apache server. SnapChat has not been hacked, and these images do not originate from their database."
Beware 3rd Party Apps
Eric Yaverbaum, New York Times bestselling author and CCO of SavingAmerica.com, cautions users about using third-party apps in general. In an interview on Friday, Yaverbaum told me, "These are third-party apps that you give permission to access your information - if you give permission for another app to access it, you're giving everything away."
Users of any app connected to Snapchat through its API should be concerned about the security of any information they share, he said, reminding users that their information is not private. "If you type in on a keyboard, if you send a picture, if you send a text message, it never goes away. Your digital footprint is forever," he said.
While Snapsaved.com took responsibility for their security, "The Snappening" has raised the question of whether or not Snapchat has done enough to prevent third-party apps from accessing its application programming interface (API).
Snapchat said in a statement, "We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed."
FTC to Snapchat: Stop Misrepresenting Privacy and Security Claims or Else
Just five months ago, however, Snapchat had to settle FTC charges that promises of their messages disappearing were false. According to the FTC's complaint, Snapchat made multiple misrepresentations to consumers about its product that stood in stark contrast to how the app actually worked.
"If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises," said FTC Chairwoman Edith Ramirez in a statement in May. "Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action."
Users Must Take Responsibility
Users must take responsibility for their own data security and privacy, said Yaverbaum. "It's a new world. Snapchat has an interesting app that I personally wouldn't touch with a ten-foot pole. But I think they do the best they can. So does Home Depot, and Bank of America - everyone tries, but hacking is a sport to these guys. As long as there are hackers out there, I don't think anything is secure on the internet."
Once photos are leaked, the affected users face an exercise in futility in trying to have them removed from the Internet. Even tracking down each of the websites displaying the photo(s) is a near impossible task and once they are removed, they pop up on another site - as SnapSaved users have learned.
Yaverbaum's advice to users is simple. "I would strongly suggest to people that nude photos are a really bad idea, unless you're okay with showing your nude body to anyone at any time. If you're not, don't put it on the internet! It's that easy."