Each day, hundreds of millions of people use Snapchat to send pictures and videos to their friends. The messages can only be viewed for a few seconds, upon which they self-destruct, never to be seen ever again. This concept allows for sensitive – even intimate – photos to be sent, with an expectation of them being kept private.
That may soon change. Some 200,000 Snapchat accounts are alleged to have been breached by users of the 4chan imageboard, after a third-party Snapchat client was purportedly compromised. The hackers are are threatening to release photos and videos associated with the accounts in a searchable database, in an event that has been dubbed ‘The Snappening’.
A sizable proportion of Snapchat’s users are below the age of 18, with over half being between the ages of 13 and 17.
The name ‘The Snappening’ nods to ‘The Fappening’; an incident that took place earlier this year that nearly 200 photos of celebrities leaked to 4Chan and Reddit, after Apple’s iCloud services were breached.
Are you a Snapchat user? Worried about a potential leakage of your personal and private videos? Read on to find out how this might affect you.
Unraveling The Snappening
Snapchat themselves have a checkered history when it comes to security. Earlier this year almost 4.6 million users had their usernames and phone numbers leaked in an online, searchable database, after an exploit was discovered in their API which allowed users to verify phone numbers against usernames through simple brute-forcing.
But despite their shaky reputation when it comes to privacy and security, Snapchat are adamant they’re not responsible for the leaking of any photos or videos. In a statement, they said:
Instead, the blame has been cast on two different third-party services – SnapSave and SnapSaved.com (note the past tense).
The former claims to be ‘the ultimate Snapchat replacement app’. Snapsave – which has been removed from the Google Play store, and is distributed as an APK – offers the same functionality as the official app, in addition to allowing users to save a copy of photos and videos that are sent to them.
“Our app had nothing to do with it and we’ve never logged username/passwords.”
Furthermore, they stressed that SnapSave doesn’t allow users to save content on their servers. Rather, SnapSave creates a copy that is stored locally on the user’s device.
The other service accused of being the source behind the leaked photos is SnapSaved.com.
According to Business Insider, the site was shut down several months ago, and until recently redirected to a Danish shopping site selling TV accessories. Business Insider also asserts that most of the photos that have been publicly leaked are overlaid with Danish text, with Norwegian tabloid Dagbladet is reporting that many of the victims are Danes and Norwegians.
It’s also unclear who operated SnapSaved. The Whois details of the site – which usually show the name, address and email of the site owner – have been obfuscated. Despite that, they have a seemingly genuine Facebook page which has been active since October 2013. Postings are few and far between, but one contains a screenshot of the SnapSaved website.
It’s worth stating that this Facebook page only has 378 likes, and only three people have posted comments on their wall. This doesn’t really paint a picture of a site with over 200,000 users.
Also on their Facebook account is a statement confirming they had indeed been hacked. In the statement, the (unnamed) owners strongly downplayed the extent of the content that has been stolen (500mb, instead of the 13GB that has been widely reported), as well as the ability for the hackers to create a searchable database of the leaked material.
The Facebook post also refers to a statement hosted on Pastebin. This purportedly comes from the SnapSaved hacker, in which he states that he was provided the archive by the administrator of the site. He also states he will not be releasing any leaked content, due to it being an ‘invasion of personal privacy’ and its potential implications for digital liberties.
“I now wish to address the current content holders and possible collectors of this media. Consider for a moment the images of 200,000 people being leaked at once. Do you think that’s a good thing for the Internet? Do you think that will keep our Internet free? I understand there was already a partial leak of videos and images earlier today. I want possible downloaders of this content to understand that this is personal privacy we are invading. I don’t want to come off as a social justice warrior but we constantly fight on a daily basis for Internet freedoms. If this content is posted/leaked it will just be playing into the hands of the individuals who wish to actively monitor all Internet activity. Please for the sake of the Internet we enjoy and love every day, do not leak this content.”
The author concludes the statement by apologizing to anyone affected by the hack, and imploring users of Snapchat to ‘think before they post’:
“I’ll sign off this release by saying I never imagined a story like this having such a global effect. I wish to apologize to anyone that was affected by these happenings. It was not my intention to pervert your personal property. I hope if anything this will bring attention and awareness to the fact that you should, if at all possible, never send explicit images of yourself over a medium which you do not directly control. In short, I will NOT be leaking any content today, tomorrow, or ever. I wish for these images and videos to remain private for the benefit of both the Internet and of personal privacy. I wish you all the best and please think before you post.”
At the time of writing, a 584MB archive of videos has been released on a number of popular file-sharing websites. The torrent purports to be the first tranche of videos released from the SnapSaved leak. Due to the distasteful and almost certainly illegal nature of the content, I have not downloaded it. As a result, I am unable to make any claims to its veracity.
What Do We Know For Sure?
So far, nothing is certain.
We’ve not seen any conclusive evidence that 13 gigabytes of images have been leaked. Indeed, this could just be a massive exercise in trolling. It wouldn’t be the first time. Time will only tell, but I’m staying skeptical.
Until then, there are a few lessons to be learned from this story. First, as the alleged hacker said, it’s inadvisable to post images of an intimate nature onto a platform you do not control. Matt Smith suggests you instead use apps like TextSecure and Privatext, as they offer encryption and cannot be accessed by the service provider, unlike Snapchat.
You’d also be encouraged to be skeptical about what third-party services you grant access to your Snapchat, Facebook, Email and Twitter accounts. Should they get compromised, you could see that you lose control over your own private, intimate messages, photos and videos.
Have you got any thoughts on this story? Were you a user of SnapSaved? Let me know; the comments box is below.