Snapchat leak shows need for better privacy education, says security analyst

The leak via a third party of images shared on Snapchat underlines the need for better privacy education

The online leak, via a third party, of images shared on mobile app Snapchat by up to 200,000 teenagers underlines the need for better privacy education, says a security analyst.

The images were leaked after hackers broke into the servers of, one of several third-party services that allow Snapchat users to secretly save images that are meant to self-destruct.

In a Facebook posting, admitted the hack was enabled by a misconfiguration in its Apache server and confirmed that Snapchat itself had not been hacked.

Snapchat also denied that it had been breached for a second time in two months.

“Snapchatters were victimised by their use of third-party apps to send and receive Snaps, a practice that we explicitly prohibit in our terms of use precisely because they compromise our users’ security,” Snapchat said in a statement.

In September 2014, some Snapchat users received spam messages advertising a slimming site, but Snapchat said user login data stolen from other sites was used to hijack Snapchat accounts.

This latest incident shows that more needs to be done to remind Snapchat users, many of whom are teenagers, of the dangers of sending intimate images, said independent security analyst Graham Cluley.


“I suspect that many of Snapchat’s users have been lulled into a false sense of security, imagining that it is safe to share intimate images via the app and believing the marketing propaganda that suggests images will be safely erased forever within 10 seconds,” he wrote in a blog post.

The leak of images stolen from is believed to be the work of those responsible for the recent posting of nude photos of celebrities online that were stolen from cloud-based backup services.

However, there is as yet no proof of a link between the two incidents, reports the Guardian.

Although a posting on web forum 4chan advertised that 13GB of Snapchat content had been captured, most – but not all – of the content made available was “mundane” and “boring”, the paper said.

Warnings have been issued that anyone downloading the files could be breaking child pornography laws if any of the images include nude pictures of children under 16, even if a child took the images.

Snapchat has struggled to re-establish user trust after it was the target of a hack at the end of 2013 in which 4.6 million usernames and mobile phone numbers were captured by a site called SnapchatDB.

The hack came just days after Australian firm Gibson Security warned that hackers could exploit vulnerabilities in the Snapchat app.

The hackers said they had exploited the security flaw highlighted by Gibson Security. "We used a modified version of gibsonsec's exploit/method," they were quoted as saying by Tech Crunch.

The hackers said their aim was to raise public awareness around the issue, and also put public pressure on Snapchat to get the exploit fixed.

Read more on Privacy and data protection