Slashdot Mirror

← Back to Stories (view on slashdot.org)

Snapchat Says Users Were Victimized By Their Use of Third-Party Apps

Posted by Soulskill on from the illusion-of-impermanence dept.

Lucas123 writes: Reports that the servers of photo messaging site Snapchat were hacked are being denied by the company, which is now is saying its users were instead victimized by their use of third-party apps to send and receive Snaps. Hackers on 4chan have said broke into the site and they're preparing to release 200,000 photos or videos in their own database that will be searchable by Snapchatter name. According to one report, the third-party Snapchat client app enabled access for years to the data that was supposed have been deleted. The hackers have said they have a 13GB photo library. For its part, Snapchat in a statement reiterated its Terms of Use Policy, that "expressly prohibits" third-party app use "because they compromise our users' security."

59 of 90 comments (clear)

  1. Ban third parties by Rosyna · · Score: 1, Redundant

    So why didn't Snapchat take a proactive approach and ban the third parties? They really depended on the ToS for enforcement of security?

    1. Re:Ban third parties by mythosaz · · Score: 4, Insightful

      Are they going to ban development systems and emulators? Pretty sure BlueStacks can take all the screenshots I want. How about cameras? Eyeballs? Is the analog hole closed yet?

      Anyone who thought a Snapchat image was truly ephemeral was, at best, ignorant.

    2. Re:Ban third parties by AmiMoJo · · Score: 2

      So why didn't Snapchat take a proactive approach and ban the third parties?

      It wouldn't help. Their system is fundamentally flawed because it relies on trusting the client, and the client's OS. The image is displayed on the screen and the app is supposed to then erase it, making sure it can't be screen captured. If the OS allows screen capture, or the app has been modified then the image can be captured.

      All they needed to do was release a modified Snapchat app that allowed users to save images on to warez sites. As well as saving imagines to the phone it also sent them to the hacker's server. The victims didn't even use the app themselves, it was the people they were sending images to.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Ban third parties by Teresita · · Score: 1

      Gone are the good old days when you just paid the blackmailer, he gave you the negatives of your naked ass, and you were done.

    4. Re:Ban third parties by mythosaz · · Score: 1

      A simple "gross negligence" will suffice.

    5. Re:Ban third parties by mythosaz · · Score: 2

      Pretty sure that's the definition of ignorance.

    6. Re: Ban third parties by Anonymous Coward · · Score: 1

      digital signatures built into the application

  2. That 4chan guy, at it again. by rogoshen1 · · Score: 4, Funny

    Will someone please stop this anonymous mystery hacker? he's causing havoc all over the place.

    1. Re:That 4chan guy, at it again. by mythosaz · · Score: 1

      4chan has been taking down a lot recently...

      Moderators can't keep up with the flood of posts in places like /b/, but the level of censorship there is rising pretty quickly.

    2. Re:That 4chan guy, at it again. by mythosaz · · Score: 1

      It's actually the biggest problem with this collection of photos -- the sheer number of them that must include photos of the underage in various states of undress.

      The 130GB "leak" is from a website the most popular 3rd party app dumped to, and some enterprising hacker dumped into a zip file.

      Evan Spiegel, Reggie Brown and Bobby Murphy should be bracing for the class action suit of the century now that the cat is out of the bag and running all over the media, completely with Snapchat photos of nude teens.

    3. Re:That 4chan guy, at it again. by Anonymous Coward · · Score: 4, Funny

      Well we're trying.

      The first two chans were sabotaged or accidentally destroyed before their completion. The third chan vanished without a trace twenty-four hours after being completed. 4chan is our last best hope for peace.

    4. Re:That 4chan guy, at it again. by Mike+Frett · · Score: 1

      That's because Kids don't know any better and Parents don't care.

  3. Will there be nude selfies? by Anonymous Coward · · Score: 1

    I want to subscribe to this. Where is the link? I don't have much going on this weekend.

    1. Re:Will there be nude selfies? by The+Technomancer · · Score: 2

      Given that roughly half of Snapchat's userbase is between the ages of 13-17, you very likely do not want to subscribe to this if you value your freedom.

      --
      Any sufficiently advanced technology is indistinguishable from magic.

      -- Arthur C. Clarke

  4. Go onto Google Play and search for Snapchat by Anonymous Coward · · Score: 1

    What app they think the photos were stolen from? And I say "the think" since they are not giving access to anyone, so I guess that client was mimicking the official client and thus could not be detected by them.

    Go onto Google Play and search for Snapchat. Many are openly advertising themselves as being able to save/leak photos.

  5. Re:What app? by mythosaz · · Score: 1

    There are both unofficial clients that pretend to be the native API and there are capture programs that circumvent the no-screenshot functionality. More sophisticated users can run Snapchat under something like BlueStacks. Less sophisticated users can use the analog hole.

  6. ALERT! SOME ONE LIED ON THE INTERNET by Anonymous Coward · · Score: 1

    Since when is a thread on /b/ news? It's motto is literally

    "The stories and information posted here are artistic works of fiction and falsehood.
    Only a fool would take anything posted here as fact."

    Seriously is this what passes for news today?

  7. What snapchat claimed to do was a form of DRM by pem · · Score: 1
    And we know that can't work. Snapchat's wasn't even any good, anyway.

    Snapchat's response was "they captured images by violating the TOS".

    That's like a bank telling you it's not their fault if you lost money because the bank robber violated their posted TOS.

    1. Re:What snapchat claimed to do was a form of DRM by Anonymous Coward · · Score: 3, Insightful

      No, it's like a bank telling you that it's not their fault when you make a check out to "cash" and someone other then who you intend cashes it.

      Assuming snap chat is correct. In order to be a victim here one of two things needs to have happened:
      1: You use a 3rd party client that leaked your photo - This is 100% your fault
      2: You need to have sent a photo to someone using a 3rd party client which leaked your photo - Maybe you should have shown better judgement when sending out a photo if you were going to get upset about it being released.

    2. Re:What snapchat claimed to do was a form of DRM by QuasiSteve · · Score: 3, Insightful

      What snapchat claimed to do was a form of DRM

      I'm not sure if this has always been the case, or was added later, but for a very long time now, at least the Play Store's description has included:

      Please note: even though Snaps, Chats, and Stories are deleted from our servers after they expire, we cannot prevent recipient(s) from capturing and saving the message by taking a screenshot or using an image capture device

      So nobody should have been under the illusion that it was, in fact, impossible to save these images even if they lived a sheltered life and never imagined the analog loophole.

    3. Re:What snapchat claimed to do was a form of DRM by pem · · Score: 1

      No, it's like a bank telling you that it's not their fault when you make a check out to "cash" and someone other then who you intend cashes it.

      I don't think that analogy is right at all; OTOH, I think I can improve mine a bit: it's like the bank telling you to use their credit card for all your transactions because it's safer than any other banks' credit card (never mind cash), but then disclaiming all liability when there is a hack that makes that not true.

    4. Re:What snapchat claimed to do was a form of DRM by pem · · Score: 2

      I'm not sure if this has always been the case, or was added later, but for a very long time now, at least the Play Store's description has included:

      Yeah but that's like the really fast voice at the end of the drug commercial talking about death.

      So nobody should have been under the illusion that it was, in fact, impossible to save these images even if they lived a sheltered life and never imagined the analog loophole.

      Snapchat's entire premise when it started out was that things were transient. Everybody told the founders it was a stupid idea, because, well, it's a stupid idea. But the people saying it was a stupid idea were making those statements based on impossibility, that the concept was akin to founding a company that would rent out genies that could give out wishes to people.

      Obviously, the founders have the last laugh, because one way to make a lot of money is to rely on a gullible public and ignore the laws of reality. They aren't the first, and won't be the last, to make fortunes based on snake oil.

    5. Re:What snapchat claimed to do was a form of DRM by bruce_the_loon · · Score: 1

      Either yours or his is the correct analogy. If the images come from the Snapchat server, then they are not deleting their images as they claim they are. That is your analogy.

      If the prevailing theory that the popular 3rd party app for Snapchat is breaking the delete-after-x-hours promise by uploading the image to a non-Snapchat server so it can be accessed later, or uploading the image without knowledge of the users of the app because they are sick buggers who want to see what the pics are (NSA I'm watching you), then his analogy is the better fit.

      Either way, people stop assuming your arse and tits photos are secured when you trust the cloud.

      --
      Trying to become famous by taking photos. Visit my homepage please.
    6. Re:What snapchat claimed to do was a form of DRM by pem · · Score: 1
      If a bank were to make a claim that their credit card is perfectly secure, they would be claiming that you can actually use it as you expect, and even if you buy something at a bad merchant, or a merchant that has been hacked, you are protected.

      Even though they disclaimed it in the fine print, Snapchat's entire premise was that you could send you pictures to people, and they could only see them once, for a little bit.

      The analogy about the cash is off-point -- the entire reason people use credit cards instead of cash is security; same as the reason they use snapchat instead of email.

      The difference between the bank and snapchat is this: with the bank, although they didn't promise and you didn't expect perfect security, they will make you whole financially by refund money taken due to fraud, while snapchat is completely the opposite -- they effectively promised better security than they delivered, and none of their users will be made whole.

  8. that's not a lot... by sribe · · Score: 1

    13GB? Seriously, that's not all that many pictures...

    1. Re:that's not a lot... by amicusNYCL · · Score: 2

      It's around 200,000 pictures, actually. No need to figure out how many pictures are in 13GB when they say, right there, how many pictures there are.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    2. Re:that's not a lot... by Matheus · · Score: 1

      Yeah and part B SnapChat pics are *really small... low rez and tiny so you can fit a lot in a little.

    3. Re:that's not a lot... by mythosaz · · Score: 1

      If only there was a way we could figure out the average picture size...

  9. out of 200,000 pics/vids by turkeydance · · Score: 1

    i would want to see, maybe, thirty....most people look better with more clothes on rather than less.

  10. I can just hear Jennifer Lawrence... by swb · · Score: 3, Funny

    Boyfriend: "Wow, that's a great picture....but after the recent photo problem, are you sure you should be sending these kinds of pictures?"

    Jennifer: "No, it's OK. I'm using this App called SnapChat and it deletes them automatically! They can't be saved or end up in the stupid cloud anymore."

    1. Re: I can just hear Jennifer Lawrence... by cyber-vandal · · Score: 1

      And they were all yellow.

  11. I'm disappointed ... by CaptainDork · · Score: 1

    ... so far no one has said that people shouldn't be stupid enough to send nude pics and stuff.

    Of course, our more important junk is up in the cloud, too.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:I'm disappointed ... by sconeu · · Score: 1

      swb did. Right above you.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    2. Re:I'm disappointed ... by mythosaz · · Score: 1

      Of course, our more important junk is up in the cloud, too.

      "My junk" has been in the cloud for years.

    3. Re:I'm disappointed ... by Greyfox · · Score: 1

      It seems a lot of people like to do this. I'm starting to feel abnormal because the second someone hands me a camera I don't feel in the least bit inclined to take a picture of my penis with it.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    4. Re:I'm disappointed ... by CaptainDork · · Score: 1

      Well. just SHIT! lol

      Thanks.

      --
      It little behooves the best of us to comment on the rest of us.
    5. Re:I'm disappointed ... by CaptainDork · · Score: 1

      For me, the cloud would have to be 3" from here.

      --
      It little behooves the best of us to comment on the rest of us.
    6. Re:I'm disappointed ... by Frobnicator · · Score: 1

      I'm starting to feel abnormal because the second someone hands me a camera I don't feel in the least bit inclined to take a picture of my penis with it.

      <troll>Well, with yours you'd need a macro lens or a deep zoom, so your attitude makes sense.</troll>

      More seriously, it is only a tiny subset of the modern society who does that.

      On the male side, I'm guessing they're the ones who assume that if they show it off others will be attracted to them, or at least admire them somehow. They're the flashers who are confused why the women they flash don't immediately open their legs to them. They hear a woman say "What's your name?" and they reply "Can we have sex?" Or a woman sends a "lets go out to the movies" text and he replies with a picture of his junk, somehow believing that is appropriate. I'm hoping that they represent the tiniest sliver of society, but their actions are so outlandish that they get online notoriety.

      On the female side, I'm guessing they're the ones who are desperately craving attention or the ones who give in to pressure. Women who want to show of their bodies can easily find the males looking for it (see above) and wouldn't need to send pics that delete themselves; for these women a permanent picture is unlikely to bother them. But like the males, I think the ones who do it without coercion are a tiny sliver of society, not the norm.

      --
      //TODO: Think of witty sig statement
    7. Re:I'm disappointed ... by Skarjak · · Score: 1

      This is where someone jumps in and goes "blah blah blah blah victim blaming! Blah blah blah offensive! Blah blah blah slut shaming!"

      Giving advice on how to protect yourself is now seen as victim blaming, so you won't see too much of that. We live in a society where if you jump in the tiger's cage and get eaten, it is considered offensive to say that maybe you shouldn't have jumped in the tiger's cage.

    8. Re:I'm disappointed ... by CaptainDork · · Score: 1

      Your analogy would work better if the jumper had been told, repeatedly, that the tiger had been removed.

      --
      It little behooves the best of us to comment on the rest of us.
    9. Re:I'm disappointed ... by Skarjak · · Score: 1

      If you really want to, we could go one step further and make the analogy even more complete by giving the person every reason to believe that the one claiming the tiger has been removed is wrong. Maybe the tiger's tail is showing and you can hear a roar every once in a while. "Oh don't mind that, I swear the tiger is gone." Then yes, I guess the analogy is even more accurate. :)

  12. 600,000 of 30 million users by raymorris · · Score: 1

    Given the small file size of Snapchat pics, it should be about 600,000 pictures out of 30 million users, if I did the math right.

  13. "Their use".. well, actually.. the recipient's use by QuasiSteve · · Score: 4, Interesting

    Snapchat [...] is now is saying its users were instead victimized by their use of third-party apps to send and receive Snaps.

    While I suppose it's possible that that the reference to 'users' in 'their' is a different subset, the phrasing makes it seem that somebody who sent a picture was victimized by their own use of a third party app, while in reality all signs are pointing to the recipient of the photo using said app.

    The recipients hopefully feel doubly-awful not just for betraying their friend's trust (not saving the image implied by the use of snapchat - technical feasibility and analog loopholes aside) in the first place, but for playing a pivotal role in those images possibly becoming public.

    While I'm certainly in favor of educating people that when you send stuff to others, you have lost all control over it, no matter what assurances you get, I'm also in favor of educating people not to be jerks (be that the recipients, or the hackers).

  14. Online at Amazon ... by perpenso · · Score: 1

    Most of snapchat's 25 y.o. users don't even know where to buy a postage stamp.

    Online at Amazon. Of course the seller, USPS, only gets a 4/5 star rating.

  15. Re:"Their use".. well, actually.. the recipient's by The+Technomancer · · Score: 1

    What parent said. Online societal ethics still have a long way to go before they catch up with meatspace ones.

    --
    Any sufficiently advanced technology is indistinguishable from magic.

    -- Arthur C. Clarke

  16. Re:"Their use".. well, actually.. the recipient's by mythosaz · · Score: 1

    ...or, sadly, the other way around.

  17. Snapchat is fundamentally insecure by Sarusa · · Score: 1

    The 3rd party apps only even worked because Snapchat is hideously insecure and has been from day one. It stored the pictures unencrypted on the device and didn't even bother actually erasing them (just moved them to another folder!). It's since improved slightly, but it's a fundamentally insecure design and they're apparently being too disruptive and innovative to fix it.

  18. $150,000 per copyrighted work by gnasher719 · · Score: 1

    Should these guys really release 200,000 pictures, they would owe the copyright holders up to $30bn dollars in stautory damages if convicted.

  19. ISP web hosting, instead of Snapchat and Facebook by myid · · Score: 2

    Back around the year 2000, ISPs used to offer free web hosting to their customers. Some ISPs had templates that you could fill in with text and uploaded images, to make it simple to create a web page.

    If ISPs still offered that service, and if customers who don't know how to write a web page used the service, then private web sites would be more dispersed, and therefore less tempting to crack. (Also, the customers wouldn't have to give out personal information, besides the info that they already needed to give out for their Internet connection.)

    This service should let the customers password-protect their web pages.

    This could be a more private and secure service for customers who just want a simple "Hello, this is me" web site.

  20. Re:What app? by brantondaveperson · · Score: 1

    Wouldn't the analog hole be taking a film photo of your phone while the image is visible? It's more of a digital hole really.

    Sorry.

    But in any case, isn't it about time that people stopped sending photos of their bits over the internet the whole time? And perhaps SnapChat should be in a little bit of hot water for suggesting that the photos are ephemeral - you shouldn't make promises that you can't keep.

  21. Senders may be vulnerable too by drnb · · Score: 1

    If a 3rd party app sends a copy of an image to a 3rd party server it may very well do so when sending and receiving. Its premature to say that senders did not directly compromise their own data.

    1. Re:Senders may be vulnerable too by QuasiSteve · · Score: 1

      Except that the signs point to SnapSaved.com, which only let you receive and save images; sending was to come at a future time, either via webcam or file upload.

      You can read a statement from them at their facebook page:
      https://www.facebook.com/Snaps...

    2. Re:Senders may be vulnerable too by drnb · · Score: 1

      Except that the signs point to SnapSaved.com, which only let you receive and save images; sending was to come at a future time, either via webcam or file upload.

      Go to Google Play and you will find numerous snapchat clients. It really is premature to say we know the full story.

    3. Re:Senders may be vulnerable too by QuasiSteve · · Score: 1

      How many of the numerous snapchat clients have been implicated, and how many of those have denied and/or admitted to foul play?

      Official SnapChat: Implicated and denied
      SnapSave: Implicated and denied
      SnapSaved: Implicated and admitted

      While it's fair to say that there's a hypothetical situation in which other apps also stored the images, and that said other apps might also do so when sending them, and that said other apps' hosting servers were also hacked - that same hypothetical line of thinking means we'll never know the full story, period.
      At least the evidence so far implicates recipients as playing a pivotal role, rather than senders.

  22. Re:ISP web hosting, instead of Snapchat and Facebo by allo · · Score: 1

    and they added a hidden .impressum.html with the real name / address of the user. meh.

  23. Senders *are* vulnerable too by drnb · · Score: 1

    At least the evidence so far implicates recipients as playing a pivotal role, rather than senders.

    Wrong. As I speculated, a 3rd party app that sends the images of recipients to a 3rd party website may very well also send images of senders to a 3rd party website.

    "SnapSaved was a Web-based client built for Snapchat that allowed users to access “snaps” from a Web browser. However, the service, which according to DNS records ran on a server at the hosting company HostGator, apparently kept all images received or sent by its users without their knowledge."
    http://arstechnica.com/securit...

    1. Re:Senders *are* vulnerable too by QuasiSteve · · Score: 1

      Last I knew SnapSaved could not yet send pictures.

      Whether Ars is simply writing this as an assumption that you could, or whether you actually could, I wouldn't know.

      However, I never said that in the eventuality that people used a third party service to send them that they would not also be 'vulnerable'. That's not even material to my comment.

      I will happily concede that IF you could send through SnapSaved and IF they saved the sent images as well, THEN the sender could obviously also be blamed for using that third party service.

      But you still can't blame everybody else using the official client for sending TO that person just because THEY used a third party service.

    2. Re:Senders *are* vulnerable too by drnb · · Score: 1

      But you still can't blame everybody else using the official client for sending TO that person just because THEY used a third party service.

      Why not? They willingly transmitted data via at least one intermediate party (snapchat itself plus 3rd party clients). If there is anything well known and consistent about the internet it is that private data gets leaked in many unexpected ways. The sender knows the data is sitting on at least snapchat's servers for some indeterminate time frame.

      In short the sender knowingly gave control of their private data to an outsider. There is no way to say that the sender does not share some portion of the blame.

    3. Re:Senders *are* vulnerable too by QuasiSteve · · Score: 1

      Because that's a different discussion already adequately covered by "While I'm certainly in favor of educating people that when you send stuff to others, you have lost all control over it, no matter what assurances you get".