Photo messaging mobile application Snapchat has confirmed it has been the victim of the latest indecent photo leak, already referred to as the “snappening” online, but has denied it being hacked directly. According to various media sources, a number of 90,000 photos – most of them “explicit in nature” have been leaked online. Snapchat has confirmed the fact, but has denied its direct responsibility – there were some third party apps that were compromised, giving attackers access to pictures that should have been already deleted.
According to a Snapchat spokesperson cited by Recode.net, the hackers attacked applications linking to the service through an API (application programming interface). Snapchat users can choose from a variety of third party services – like Snapsaved or SnapSave – where they can save the otherwise temporary picture messages, but they are also handing over their credentials to the operators of such services. Snapsaved.com, one of the above services, has indeed confirmed being hacked over the weekend – an attack that has exposed the materials of over 200,000 users. Thus, Snapchat itself is not to blame in this case – at least not directly.
According to the description of the Snapchat service, all messages sent by its users are supposed to be temporary – not permanently stored on any servers. Snapchat’s developer API allows, though, for these messages to be saved, but only with appropriate credentials. A post published today on Snapchat’s blog explains the best what this means – for such a service to work, users must provide it with their username and password. Basically, users choosing such services hand over their login credentials to a developer, and possibly a criminal, offering them easy access to their account and the possibility to send snaps and access their user information.
[ads2]
Snapchat has revised its Terms of Use because of the recent events, explicitly prohibiting third parties to offer Snapchat services to their users. Team Snapchat warns its users that any application claiming to offer additional Snapchat services and not coming directly from them is not to be trusted, and violates the company’s Terms.