Snapchat Hacked: 200,000
‘Self-Destruct’ Images Set to Leak

By
Fred Touchette and Mark James

 

Following the news that 4chan hackers have hacked into 200,000 Snapchat accounts, Fred Touchette, manager of security research, AppRiver and Mark James, security specialist, ESET explain why there is always a risk when using these types of apps and what users should do:

 

 

Fred Touchette, Manager of Security Research, AppRiver explains:

There is always an inherent risk involved when someone uses a product or service in a way that is unintended. SnapChat itself hasn’t reported any breaches and because it doesn’t keep any of the images that pass through its service, it remains an unlikely target. Instead people who are trying to get around SnapChat’s security features by using 3rd party apps in order to keep a record of images and videos from the service have opened themselves up, as well as the likely victim senders who remain unaware of their recipients’ carelessness or intent, to the possibility of this type of attack.

People are very concerned with their privacy, and rightly so. However a lot of people fail to grasp the concept that the internet is not a very private place. The best way to keep those photos safe is to not post them anywhere online, even if you think that server in the cloud is only for your eyes only.

Mark James, Security Specialist, ESET explains:

The very concept of Snapchat leads the user to believe that their photos or videos are deleted very quickly after they have been shared. In 2013 a complaint with the federal trade commission stated this was not the case and this information could in fact be retrieved after the time limit expired. The user however will still use the app believing they are safe from hackers as Snapchat servers hold no information that could be hacked or compromised.

It would appear that the hundreds of thousands of images that have been hacked have actually come from a third party Snapchat client application or web site that has been storing these images for years. The user having installed these third party apps or using these websites may or may not be aware that these images have been saved and still believe that they are instantly deleted, sadly as more than half of Snapchat users are believed to be between 13 and 17, the potential for underage indecent material is extremely high.

Regardless of what photos were taken, the people at fault here are the hackers. It’s easy to say it’s the users fault, but however you look at it they were stolen. Of course we should always be very sure of what applications have access to our data and review every app that we install. If the app is a “front end” for another app or “works closely” with an original app and has access to the log in information for that said company then we should be certain it does not change how data is stored.

In the terms and conditions for Snapchat they state quite clearly:

“After opening a Snapchat account, you accept all responsibility for any activity that occurs while logged into your account. You are responsible for making sure that you keep your password secure and safe. You agree that you will not share your password with others or do anything that might jeopardize the security of your account.”

The key part here is “You are responsible for making sure that you keep your password secure and safe” and allowing a third party website or application access to your data is not keeping your password secure and safe.

This incident again showed that it’s all about perception of what is secure and what is not. The best advice I can offer in this case and the next “when it happens,” is do not use your smartphone or tablet to take images of you or your partner if you want them to remain private.