The attack and picture leak known as the “Snappening” against Snapchat users now has a confirmed root cause, with Snapsaved.com admitting a data breach. The Snapchat picture leak has led to the unintended disclosure of Snapchat user images.
Reports of the Snapchat Snappening first emerged Friday, with Snapchat itself claiming that it had not been breached. Instead, Snapchat blamed an unnamed third-party app for being the source of the images.
That third party has now come forward, and Snapsaved.com is admitting it was hacked. According to Snapsaved.com, the breach affected 500MB of images.
“I would like to inform the public that Snapsaved.com was hacked,” Snapsaved wrote in a Facebook post. “We had a misconfiguration in our Apache server.”
Apache HTTP is an open-source Web server that is currently the most widely deployed Web server on the Internet. The Snapsaved.com post confirms that Snapchat itself had not been hacked, and the leaked images do not originate from the Snapchat database.
Snapchat is a service that enables users to share images on a temporary basis, and images are not supposed to be stored. As a third-party app, Snapsaved.com enables its users to save Snapchat images.
“As soon as we discovered the breach in our systems, we immediately deleted the entire Website and the database associated with it,” Snapsaved’s Facebook post states.
An anonymous researcher claims in a Pastebin post that the Snapsaved data was provided by a Snapsaved.com site administrator.
“When the site became unusable, the administrator compiled a full directory of the content and uploaded it to an unindexed Website where you could freely download it,” the anonymous poster alleged.
Snapsaved.com denies the anonymous poster’s claims and stated: “The hacker does not have sufficient information to live up to his claims of creating a searchable database.”
Whatever the root cause and whatever the actual image database availability, the simple fact of the matter is that user privacy has been violated. Certainly, Snapchat itself has some measure of responsibility here as it is their service that is being used, even though the access is being enabled via a third-party app. Snapchat could and should police the use of its API to protect users from apps that could expose them to risk.
For Snapsaved itself, I suspect this is an incident from which the service will not recover. The Snapsaved.com site has been unavailable for most of Oct. 13, and even if the site does come back up, Snapchat (as I suggest) should block or limit access to its API, which would end the viability of a Snapsaved app.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.