According to some hackers on 4chan, up to 200,000 Snapchat images may have been stolen from a third-party service that got hacked. The hackers claimed that a searchable database of tens of thousands of pictures (including nude images) and videos will soon go live.
It seems the third party service that was hacked is called SnapSaved.com, but the service was shut down months ago (possibly after the owners found out about the hacking themselves). The site allowed users to save the supposedly "self-destructing" images from Snapchat and check them out later on the web.
Snapchat put out a statement in response to the leak, nicknamed the "Snappening," saying the following:
The statement may be true, but it doesn't completely absolve Snapchat of all blame. Snapchat's main marketing message has been that you can safely take pictures that self-destruct within 10 seconds, making millions of people believe that their pictures are "private."
Unfortunately, Snapchat messages aren't even encrypted end-to-end (such as when using an open source app like TextSecure), which means the company itself can decrypt them. In fact, Snapchat's Director of Operations has admitted before that the company give authorities access to Snapchat images, as long as they haven't been opened yet by the recipient.
For agencies like the NSA or GCHQ (which has spied on nude pictures and videos before) that get access to Internet cables and collect all the data going through them, the "self-destructing" feature is completely irrelevant. If the messages aren't encrypted end-to-end, and they've done a Man-In-The-Middle attack against Snapchat's servers, then it can be rather easy to snag such messages in transit, before they are ever "self-destructed."
Without end-to-end encryption, you also can't be sure that Snapchat's servers don't have a cache of the photos somewhere, for redundancy purposes. If the images are not overwritten properly, it could also be possible to retrieve them with forensic tools.
The bottom line is that you shouldn't expect your messages to be completely self-destructed, and you should know that there may be a chance the images were saved somewhere. Until Snapchat adds end-to-end encryption, such a chance, however small, will always exist.
Snapchat has even had issues in the past with the self-destruction itself. Researchers discovered last year that the self-destructed images were actually saved in a directory called received_image_snaps on Android.
Last year, 4.6 million usernames and phone numbers also leaked online due to the weak security design of Snapchat's username discovery API. The company got in trouble with the FTC as well, and it was forced to admit that the self-destructing images claim was actually "false."
Although the current hacking happened to a third-party service and not to Snapchat's servers, it seems Snapchat keeps getting into security troubles. The reason for that is because the service doesn't have solid enough security that could have prevented supposedly private/self-destructing images from leaking to other websites.
Snapchat's users have a certain expectation about the service. Many are using it because they think it's a much more secure alternative to Whatsapp, Facebook Messenger, Google Hangouts, Skype or other chat apps. If it's not, then perhaps its users need to realize the app is no better than other weakly-secured chat apps out there.
The fact that 50 percent of Snapchat users are between 13-17 years old (and are sending each other potentially very private photos of themselves) makes securing the messages, even against the company itself through end-to-end encryption, that much more important.
The company shouldn't want pictures of minors leaked on the web, and it should adopt the maximum amount of protection for those pictures if it's going to continue to claim that the photos sent using its app are private and disappear forever, from all places.