Last week, some malicious hackers on 4chan announced that they have up to 200,000 pictures and videos from Snapchat users, which they claimed they got from Snapsaved.com. Snapsaved used an unofficial reverse-engineered API to allow Snapchat users to save and see their Snapchat pictures on the web.
Unfortunately, this has also made those users highly vulnerable to attacks against Snapsaved's servers. In a recent post on Facebook, Snapsaved owners said that the site was indeed hacked, which is why they deleted it as soon as they saw evidence of the hacking. However, things don't seem nearly as bad as the hackers said.
According to the Snapsaved founders, only 500 MB of pictures were stolen (as opposed to the initially reported 13 GB), and no identifying information was collected by the hackers. Apparently, the attackers couldn't get enough information to make the database searchable, as they initially claimed.
The Snapsaved owners' post also comes as a rebuttal to an earlier anonymous Pastebin comment in which they were accused of letting one or more hackers browse the content on their website.
"The content released from this site was provided to us by the administrator of the site," the writer claimed. "Users could freely browse all media on this website, and view as per user account.""When the site became unusable, the administrator compiled a full directory of the content and uploaded it to an un-indexed website where you could freely download it."
Snapsaved denied this in the Facebook post, stating that "the dictionary index the poster is referring to was never publicly available. We had a misconfiguration in our Apache server."
Apparently, Snapsaved claimed in November 2013 that it had 10,000 visitors, so we wonder if there really were 200,000 user accounts to be leaked from Snapsaved alone. If there are many more leaked Snapchat pictures out there, they may be from other sources.
As we mentioned in our previous coverage, Snapchat has had quite a few security and privacy issues in the past couple of years. It's possible that some or most of those 200,000 pictures could be from previous leaks, too, whether from Snapchat's own servers, from unofficial third party services that offer to save Snapchat pictures, or from the Snapchat users' own smartphones.
Snapchat could do much more to limit the potential for its images to be stolen either from servers (whether their own or from third parties) or users' phones, but it remains to be seen how quickly the company will move to do so.