More than 100,000 user images sent using ‘self-destructing messaging app’ Snapchat have reportedly been uploaded online and are currently circulating via 4chan – but just how did these images get stolen and what's the danger to Snapchat's users?
How were the images stolen?
A third-party website named SnapSaved.com allowed users to covertly save incoming messages by giving their login details to the site. This let SnapSaved access Snapchat's servers on their behalf and store their images permanently on the site, which was itself hacked by unknown individuals.
Wait, what’s the difference between SnapSaved and SnapSave?
SnapSaved was a website (it’s now offline) while SnapSave is an app. The two programs offered an identical service and used similar branding but appear to be unconnected, with the creator of SnapSave (that's the app) telling tech site Engadget: “Our app had nothing to do with it and we’ve never logged usernames/passwords.”
What images were stolen?
It’s not quite clear, but comments from users on 4chan and Reddit suggest that the images are mostly “of normal every day activities; walking to school, showing off your new haircut or cooking a meal,” with one user reporting that there was only "maybe 100MB of actual nudes."
However, the size of the database has been estimated to be between 100,000 and 200,000 images, and with the majority of Snapchat’s users under the age of 18 it’s likely that at least some of the images would be classified as child pornography.
What about this ‘searchable database’?
The scariest part of this story is the suggestion that the images have been indexed – ie, that hackers could simply punch in a username and then find all of that person’s messages. Thankfully, this doesn’t seem to be entirely true.
When users signed up to SnapSaved.com the messages they received were apparently stored by username but this index seems to have been been lost – meaning the database (a massive one remember) is an un-sorted jumble, making it harder for hackers to connect images to individuals. Why is called ‘The Snappening’?
It’s named after ‘The Fappening’ – the term given by Reddit users to the publication of images stolen from celebrities’ iCloud accounts last month. This phrase was itself a combination of ‘The Happening’ (an M. Night Shyamalan film from 2008) and ‘fapping’, slang for masturbating.
Is this Snapchat’s fault? Is the app safe?
The answer to both questions is ‘not really’. In the most basic sense Snapchat isn’t safe simply because users have always been able to take screenshots of messages, often without the sender’s knowledge.
And although this breach is not Snapchat’s fault it’s far from the first time the company’s security protocols have fallen short. Users are advised to steer clear of third-party programs - but even then, they can't know that their friend's haven't signed up to such an app and are saving images without their knowledge.Reuse content