The online leak, via a third party, of images shared on mobile app Snapchat by up to 200,000 teenagers underlines the need for better privacy education, says a security analyst.
The images were leaked after hackers broke into the servers of SnapSaved.com, one of several third-party services that allow Snapchat users to secretly save images that are meant to self-destruct.
In a Facebook posting, SnapSaved.com admitted the hack was enabled by a misconfiguration in its Apache server and confirmed that Snapchat itself had not been hacked.
Snapchat also denied that it had been breached for a second time in two months.
In September 2014, some Snapchat users received spam messages advertising a slimming site, but Snapchat said user login data stolen from other sites was used to hijack Snapchat accounts.
This latest incident shows that more needs to be done to remind Snapchat users, many of whom are teenagers, of the dangers of sending intimate images, said independent security analyst Graham Cluley.
“I suspect that many of Snapchat’s users have been lulled into a false sense of security, imagining that it is safe to share intimate images via the app and believing the marketing propaganda that suggests images will be safely erased forever within 10 seconds,” he wrote in a blog post.
The leak of images stolen from SnapSaved.com is believed to be the work of those responsible for the recent posting of nude photos of celebrities online that were stolen from cloud-based backup services.
However, there is as yet no proof of a link between the two incidents, reports the Guardian.
Although a posting on web forum 4chan advertised that 13GB of Snapchat content had been captured, most – but not all – of the content made available was “mundane” and “boring”, the paper said.
Warnings have been issued that anyone downloading the files could be breaking child pornography laws if any of the images include nude pictures of children under 16, even if a child took the images.
Snapchat has struggled to re-establish user trust after it was the target of a hack at the end of 2013 in which 4.6 million usernames and mobile phone numbers were captured by a site called SnapchatDB.
The hack came just days after Australian firm Gibson Security warned that hackers could exploit vulnerabilities in the Snapchat app.
The hackers said they had exploited the security flaw highlighted by Gibson Security. "We used a modified version of gibsonsec's exploit/method," they were quoted as saying by TechCrunch.
The hackers said their aim was to raise public awareness around the issue, and also put public pressure on Snapchat to get the exploit fixed.