A third-party Snapchat client has leaked tens of thousands of user photos

10/14/2014

Some Snapchat users are waking up to an unpleasant surprise this morning. A cache nearly 13GB of private Snapchats is now circulating through 4Chan, in a leak the users have dubbed The Snappening. Snapchat has faced security problems before, but this time the fault appears to be with a third-party app used to catalog snaps that would otherwise be deleted. While users assumed the snaps would only be visible to Snapchat HQ and the third-party app, a data breach left them circulating through the open web.

It's still unclear which service is responsible for the breach, although Business Insider is pointing to a now-defunct web service hosted at Snapsaved.com. At the same time, many of the leaked photos have also been traced back to a site called Snapchat Leaked, suggesting they may have been in circulation for many months already.

"We can confirm that Snapchat’s servers were never breached and were not the source of these leaks," a Snapchat representative said in a statement. "Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed."

Still, it's a reminder that the proliferation of third-party services can present a real security risk. Social networks like Snapchat often encourage outside developers to build new tools on top of their platform, but those same tools can become inviting targets once attackers decide to go after user data. As Snapchat discovered today, the result can often mean real privacy violations for users, even when company servers are never directly attacked.

Comments