Snapchat photos being released by the gig

[thewayne]

Snapchat is a picture message service with a difference: once viewed, the message is deleted, never to be seen again. Great for teens to sext each other, right? Wrong. Someone wanted persistence and set up a server to archive these pix. And that server got compromised. So now there are a huge number of what amounts to kiddie porn floating around the interwebs since the biggest demographic of Snapchat users are from the ages of 13 and 17.

Google Translation of original German site:
http://translate.google.com/translate?hl=en&sl=de&tl=en&u=http%3A%2F%2Fwww.heise.de%2Fsecurity%2F

You might have to dig down for the link to The Snappening, the Google URL seems to be linking to the top of the site.

Comments

[silveradept]

Unsurprising - now, was it that anyone who used Snapchat could have been caught by this, or only people with archiving apps installed?

[thewayne.livejournal.com]

From what I have read, the issue was with a service called SnapSaved. They reverse engineered Snapchat's API, found some vulnerabilities, and it allowed them to archive what were supposed to be ephemeral pix and vids. So there's two problems here: Snapchat wrote a buggy API (for which they have been criticized) and some users wanted permanence, thus creating a demand for SnapSaved and negating the purpose of Snapchat. I get the impression that were one party to send an image to another and the second party is using SnapSaved, the first party might never know.

I came across this today which talks about some of what's going on:
http://www.wired.com/2014/10/the-snappening-is-not-your-fault/

[silveradept]

Lovely - a lack of sufficient security on one end leaves to the ability to satisfy the demand for permanence, which is then distributed widely because of a lack of sufficient security. Not quite For Want Of A Nail, but it seems close.