Alleged Snapchat Hack Raises Questions About App’s Privacy Promises
The photo-sharing app Snapchat offers a false sense of privacy by promising it will erase photos.
In fact, numerous third-party apps like SaveSnap, SnapBox and SnapSpy offer users the ability to save incoming photos.
Their mere existence undermines Snapchat’s purpose. And if these third-party apps are unsafe, Snapchat is too. An Internet storm brewing Friday offered a prime example.
One of those third-party services was supposedly hacked, according to Business Insider. Misfits on the image-sharing website 4chan.org claim they hacked into a third-party app and stole 100,000 photos and videos.
This collection, which might be published this weekend, is likely to include child pornography. Snapchat is popular as a tool for sending nude images. And half of its users are teenagers between the ages of 13 and 17.
“Everyone who sends a message using Snapchat’s service could be at risk,” said Patrick Wardle, research director at security firm Synack.
Snapchat is adamant that its servers were not hacked. But that doesn’t matter, because there’s a hole in their entire system.
Computer security experts already reject the Snapchat platform. Critics have previously noted that anyone can take a screenshot of an incoming photo — or use a separate camera to take a picture of the screen.
But the hack of third-party apps reveals another flaw in Snapchat’s platform — and questions the company’s commitment to security, according to computer security researcher Jonathan Zdziarski.
One, Snapchat isn’t doing enough to protect its software. That’s why third-party apps can essentially hack its platform. Two, Snapchat hasn’t succeeded in convincing Apple and Google to keep what are essentially “Snapchat hacks” out of their app stores.
Neither Apple nor Google responded to questions about the matter.
Snapchat did not explain why others are so easily able to reverse engineer the company’s software and thwart its privacy features.
Chris Wysopal, cofounder of security firm Veracode, said Snapchat should try to ban these third-party apps.
This is the kind of revelation that could question Snapchat’s $10 billion valuation. (On a related note, the company turned down a $3 billion buyout offer from Facebook.)
This episode also drew criticism from Snapchat competitor Wickr, an app that offers self-destructing, encrypted messages.
Wickr CEO Nico Sell noted that if Snapchat sent encrypted messages — that only get decrypted by the Snapchat app — it could have blocked third-party apps and avoided this entire fiasco.
“They don’t take security seriously,” Sell said. “They could have fixed this with a technical solution. For them to say, ‘Oh our servers weren’t breached’ is irresponsible.”
Consider this incident a reminder: Nude selfies aren’t private once they leave your possession.
“The whole idea of expiring messages is laughable,” Zdziarski said.
CNNMoney is investigating recent hacks. Have you had money stolen from your bank account? Has someone stolen your identity? Share your story.