Over the weekend, the Internet was abuzz with rumors that Snapchat, the insanely popular ephemeral picture- and video-messaging app, was hacked and that users' pictures and videos would soon be released. While it may seem far-fetched that an app with self-destructing media would be hackable, you only need to look at the "fappening" (the iCloud celebrity photo hack) to see that "The Snappening" wasn't too unfathomable, especially since the company has been hacked (for usernames and passwords, not photos and videos) before.
Well, today we got our answer: Snapchat wasn't hacked, but isn't completely secure. And sadly, the fears of leaked user photos and videos were realized earlier today -- much of it technically being child pornography.
Here's a rundown of what actually happened:
Snapchat Was Not Hacked
Snapchat itself was not hacked. Users' accounts are not compromised, and if you used only the app itself, your ephemeral photos will stay that way.
Third-Party Site Snapsaved.com Was (Sort of) Hacked
Instead, the hack was of third-party service Snapsaved.com, which allows users to do the exact opposite of what Snapchat was invented for: saving those disappearing photos. The company admitted its fault earlier this week, and immediately shut down its servers and website as soon as the breach was detected, reports TechCrunch.
Nonetheless, that still means many users' photos and videos, some of which undoubtedly qualify as child pornography, were obtained and leaked to the wider Internet.
The lesson, of course, is obvious: Don't share your credentials to a privacy-protecting app with a third-party website. Unfortunately, many teenagers are too naïve to know better.
Snapchat Criticized Anyway
Snapchat should be in the clear, right? After all, it wasn't the company's servers that were hacked. And as Snapchat pointed out immediately, its terms of service warn users against sharing credentials with third-party services, all of which are unauthorized. (C'mon Snapchat, you know nobody reads those TOS thingies, especially teenagers.)
Hack or no hack, many are pointing the finger at Snapchat anyway, largely because of its insecure API (the back-end of the program). The company notes on its blog that its API is private, not public, and that all of these third-party apps are unauthorized, which makes the "Snappening" somebody else's fault -- the users. But Wired argues that Snapchat needs to do better and secure its API, especially since so many third-party companies have been able to reverse engineer the API.
Related Resources:
- Do Snapchat Messages Really Vanish? Ask the FTC (FindLaw's Technologist)
- Next Big Practice Area: Privacy Class Action Lawsuits? (FindLaw's Technologist)
- Snapchat Privacy Settlement: What Users Need to Know (FindLaw's Law and Daily Life)
