Hackers to leak thousands of unauthorized Snapchat pictures
Hackers are planning a massive online leak of as many as 200,000 photos and videos, many of them nude, captured using photo messaging app Snapchat.
The compromising Snapchat photos and videos are in the process of being leaked onto popular online forum 4Chan, the same site that housed the first leaked nude photos of actress Jennifer Lawrence and other celebrities.
Hackers were able to collect user photos and videos sent through a third-party app that lets you save Snapchat transmissions. Within the traditional Snapchat app, photos and videos that users send to friends "disappear" after several seconds.
Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our ToU.
Underground photo-trading chat rooms have been abuzz recently with a big event, Business Insider reported. 4chan users have downloaded 13 Gigabytes' worth of photos and videos and are creating a database to search the stolen images. Snapchat photos and user names were saved on the third-party site SnapSaved.com, which has since gone out of service online, according to Business Insider's report.
There is concern that since Snapchat, which Yahoo reportedly is set to invest in, skews to a younger crowd, many of the photos will be of minors -- and could amount to child pornography, if viewed.
Whether the incident is a hoax or "one of 4chan's elaborate hoaxes," says Aryeh Goretsky, a research with security firm ESET, app users need to practice restraint. "It is important to keep in mind that while an initial product or service may be quite secure, plug-ins, add-ons, extensions and third-party offerings used with it may not be subject to the same high levels of security, reliability or confidentiality."
Even Snapchat users who did not use third-party apps could be victims, said Patrick Wardle, director of research at crowd-source security startup Synack. "This is an interesting scenario because the sender of an image doesn't know if the recipient is using a third party service like SnapSaved.com or other third party applications. Therefore, everyone who sends a message using SnapChat's service could be at risk," Wardle said.
Whether or not Snapchat's servers were breached, there exists technology "that would prevent these types of situations," said Hagai Bar-El, chief technology officer for Sansa Security. "To protect against future (attacks), it's important to deploy authenticated connectivity to the server using provisioned keys running in isolated code. With that in place, the server could be made to refuse to talk to non-clients."
This isn't the first time that Snapchat has been hit with concerns about privacy. Back in May, it settled with the Federal Trade Commission after the agency charged Snapchat with deceiving users on the amount of personal data it collects and how it protects it. At one point, a high-profile breach tied to the Find Friends feature exposed the user names and phone numbers of 4.6 million users, the FTC said.
The agency also criticized Snapchat for the third-party apps that allow saving of photos and videos. As part of the settlement, Snapchat faces independent privacy monitoring for 20 years.