How Hackers Got Private Photos Without Ever Breaching Snapchat's Servers

How hackers got photos without ever breaching Snapchat's servers.

By ABC News
October 13, 2014, 1:54 PM

Thousands of private photos -- apparently sent via Snapchat -- were leaked online by hackers who got their hands on the images without ever breaching the app's servers.

The trove of private snaps was first posted online at a fake website called viralpop.com, which was deleted after users downloaded the files. Those users went on to share the files on 4Chan, according to The Daily Beast.

4Chan did not immediately respond to ABC News' request for comment; however, the leak -- which has been dubbed "The Snappening" -- is being discussed in a slew of threads on the image-sharing board.

The massive pilfering of private snaps, which comes on the heels of the celebrity photo hack, has shifted attention to third-party apps that allow Snapchat recipients to surreptitiously save the otherwise ephemeral photos.

While Snapchat has not confirmed the exact source of the breach, a spokesperson said no photos have been leaked from its servers.

"Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users' security," a Snapchat spokesperson told ABC News. "We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting dozens of these removed."

The breach comes five months after Snapchat settled with the Federal Trade Commission over claims it deceived users about the disappearing messages.

Snapchat said it temporarily collects, processes and stores the secret messages sent over its servers, but promises the contents are automatically deleted as soon as they are viewed by one or more of the recipients, according to the company's privacy policy.

While Snapchat has worked to strengthen user trust, it has also had to contend with a slew of third-party apps and web clients that undermine the original intention of the service.

SnapSaved.com, the website mentioned in a Reddit thread as the possible source of the Snapchat leak, has since been taken offline. Contact information for the site's administrators was not immediately available.

Days after the breach first came to light, a search of Google Play and Apple's App Store reveals a number of third-party applications that promise to save Snapchat images and videos to the recipient's camera roll without the sender ever knowing.

Many of the services are easy to use and work the same way. Users simply log on to the service using their Snapchat credentials and then are free to save videos and photos they receive via Snapchat.

While the use of these sites may violate Snapchat's terms of service, Robert Siciliano, a McAfee online security expert, said Snapchat users should not have a reasonable expectation that their snaps will remain private.

"The mere fact that apps exist that have essentially reverse engineered Snapchat API means that the technology is vulnerable," Siciliano told ABC News. "Additionally anyone that understands the very basics of how [a] mobile phone works recognizes a simple screenshot, it captures any photo forever."

Snapchat says it is focused on user privacy; however, a disclaimer posted on its website adds that "we cannot and do not represent or warrant that the services will always be secure or error-free or that the services will always function without delays, disruptions or imperfections."

In other words: As long as Snapchat and these third-party apps are in the crosshairs of hackers, there's no guarantee that your images will make like the Snapchat ghost and leave.