The vast haul of Snapchat images obtained by hackers in a breach discovered last week should serve as a massive wake-up call to consumers, warns an expert, noting that users may have been lulled into a false sense of security.
“More clearly needs to be done to remind Snapchat’s millions of users – many of whom are teenagers – of the dangers of sending intimate images that may later leave them humiliated or embarrassed if shared with unauthorized parties,” wrote Oxford, U.K.-based computer security expert Graham Cluley, in a blog post Monday. “As has been known for some time, there will always be ways for Snapchat images to be preserved by recipients – even if you were hoping they would expire and delete themselves a few seconds after being viewed.”
The leak, dubbed “the Snappening,” could involve up to 200,000 images, according to media reports, which say that the collection may contain images of child pornography. The files were reportedly posted online via fake website viralpop.com, which installed malware on computers trying to download the images. Viralpop.com is no longer available online.
However, at this stage, specific details of the hack have not yet emerged.
In a statement, Snapchat -- which reports having 100 million monthly active users -- said that it was not the source of the breach and that its servers were never hacked. Instead, Snapchat blamed the leak on unnamed third-party apps used to send and receive messages, or Snaps, a practice that Snapchat’s terms of use prohibit.
"We vigilantly monitor the iTunes App Store and Google Play for illegal third-party apps and have succeeded in getting dozens of these removed," said Snapchat, in its statement emailed to FoxNews.com.
News reports suggest that the images were taken from a now-defunct website called Snapsaved.com.
In a statement posted on Facebook, Snapsaved.com said that it was hacked, citing a misconfiguration in its Apache server. However, the website denied the rumor that a Snapsaved.com dictionary index was made public.
Snapsaved.com said that it took prompt action on discovering the breach.
“As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database Associated with it,” it explained, in its statement. “As far as we can tell, the breach has effected 500MB of images, and 0 personal information from the database.”
Snapsaved.com added that it has always fought child pornography, noting that it has even reported some of its users to the authorities in Sweden and Norway.
In his blog post, Cluley said many of Snapcat’s users may have been lulled into a false sense of security, “believing the marketing propaganda that suggests images will be safely erased forever within ten seconds.”
