A highly publicized leak of thousands of private Snapchat photos has shocked the world into the realization that celebrities are not the only ones whose private photos are being targeted by hackers.
Only a few of Snapchat users should be concerned with this leak, in which thousands of private images have been obtained by hackers and released to the general public via the internet.
The leak originated not from Snapchat itself, but from a third party app called Snapsave. This app allows its users to save the snaps they receive for an indeterminate amount of time. Snapchat promises that photos sent through their service are deleted forever—and that if the receiver of the Snapchat takes a screenshot, the user is notified. The creators of Snapsave, however, have found a way to work around that, allowing its users to save the once perishable photos without the sender ever knowing.
According to Snapchat’s blog, once the photo is sent from the application, the image data is put onto one of their servers.
“Once we’ve been notified that a snap has been opened by all of its recipients, it is deleted from our servers,” reads a post from the Snapchat blog. “If a snap is still unopened after 30 days, it too is deleted from our servers.” It’s during this time, when the file is still on the server, that the image is most vulnerable, and when apps like Snapsave capitalize.
Whenever users access data through a third party app like Snapsave, the app requests the data from the initial Snapchat servers, acting as just another “Snapchat” app for the user. Once the data is received, the third party app can do anything with the image. In this case, Snapsave takes that data, saves it onto one of its own servers, and allows its users to open up the images. At that point, users can look at the images as long as they want and ultimately save them. While Snapsave hasn’t specified whether they save these photos, the recent leak indicates that they are accesible long enough for cybercriminals to get to them. Hackers have found a weak point in the security of Snapsave database’s, allowing them to access the data stored on
their servers.
Some are blaming Snapchat for this leak, claiming that the app’s lack of a screenshot option that doesn’t notify the sender is responsible for the need for a third-party app. This feature is what prompted users to start using Snapsave. It also attracted the attention of the Federal Trade Commission and led to a dispute early this year with Snapchat over this particular aspect of the application.
In the same dispute, the FTC filed a suit citing Snapchat’s failure to secure its “Find Friends” feature. That failure may have resulted in a security breach, enabling attackers to access millions of Snapchat usernames and phone numbers.
The weakness of one third-party client app also raises the question of how at risk other third-party applications like 6snap or Snaptastic, both apps for Windows phones, might be.
Another interesting technology controversy is the iCloud leak that occurred over the summer, also dubbed “the Fappening”—a massive invasion of privacy that has now expanded into a two-part leak. Unlike the leak from Snapsave in which hackers found a flaw in the security of the third-party app, the photos taken directly from celebrities’ private iCloud accounts was a simple matter of guessing the right password.
“For things like a bank account and stuff for FAFSA, I probably should make it more secure, but then again I think, well I’m not really famous so who wants to know my information” said senior Shraddha Shirude.
“I’m not very good at thinking of new passwords, so I’m usually using the same one even though they say ‘don’t do that’,” said sophomore Chloe Schiffman. “But as far as important accounts, I should probably make sure they are secure, but for the most part there isn’t really a need to do anything.”
Many of those affected by the leak are female celebrities. The list includes Jennifer Lawrence, Victoria Justice, Kate Upton, and Aubrey Plaza, just to name a few.
“In my opinion this is a sex crime,” said Jason Miller, professor of Sociology and Visual Anthropology at Seattle University. “If we look at other sex crimes, viewers of child pornography are also guilty, and not charged as just ‘voyeuristic’… it seems to me that [the women in these photographs are] being violated in the same way.”
Finding justice for the celebrities afflicted will probably be hard to come by because of the internet’s anonymity.
“We need to be conscious on how we’re using new media because many of them aren’t safe, even devices we think are obviously ‘safe’, whatever that means, maybe aren’t,” Miller said. “We need to grapple with the kind of purposes of that kind of technology and its potential.”
The editor can be reached at [email protected]