Security Watch

Keeping track of patches and hacks in the IT security world.

Source of Snapchat Picture Hack Admits Breach

Third-party site Snapsaved comes clean on its involvement in the "Snappening," the attack on Snapchat and leak of user photos.

Snapsaved source of Snapchat leak

The attack and picture leak known as the "Snappening" against Snapchat users now has a confirmed root cause, with Snapsaved admitting a data breach. The Snapchat picture leak has led to the unintended disclosure of Snapchat user images.

Reports of the Snapchat Snappening first emerged Friday, with Snapchat itself claiming that it had not been breached. Instead, Snapchat blamed an unnamed third-party app for being the source of the images.

That third party has now come forward and is admitting it was hacked. According to Snapsaved, the breach affected 500MB of images.

"I would like to inform the public that was hacked," Snapsaved wrote in a Facebook post. "We had a misconfiguration in our Apache server."

Apache HTTP is an open-source Web server that is currently the most widely deployed Web server on the Internet. The post confirms that Snapchat itself had not been hacked, and the leaked images do not originate from the Snapchat database.

Snapchat is a service that enables users to share images on a temporary basis, and images are not supposed to be stored. As a third-party app, Snapsaved enables its users to save Snapchat images.

"As soon as we discovered the breach in our systems, we immediately deleted the entire Website and the database associated with it," Snapsaved's Facebook post states.

An anonymous researcher claims in a Pastebin post that the Snapsaved data was provided by a site administrator.

"When the site became unusable, the administrator compiled a full directory of the content and uploaded it to an unindexed Website where you could freely download it," the anonymous poster alleged. Snapsaved denies the anonymous poster's claims and stated: "The hacker does not have sufficient information to live up to his claims of creating a searchable database."

Whatever the root cause and whatever the actual image database availability, the simple fact of the matter is that user privacy has been violated. Certainly, Snapchat itself has some measure of responsibility here as it is their service that is being used, even though the access is being enabled via a third-party app. Snapchat could and should police the use of its API to protect users from apps that could expose them to risk.

For Snapsaved itself, I suspect this is an incident from which the service will not recover. The site has been unavailable for most of Oct. 13 and even if the site does come back up, Snapchat (as I suggest) should block or limit access to its API, which would end the viability of a Snapsaved app.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.