As feared, hacked Snapchat videos and images have leaked. Sky falling: Film at 11. But the cloud service denies it's to blame, fingering an unauthorized 3rd-party service that would download the 'private,' 'self-destructing' naked selfies.
However, Snapchat doesn't get off scot-free: Some say its security is as weak as a sick kitten.
In IT Blogwatch, bloggers blog The Snappening.
Your humble blogwatcher curated these bloggy bits for your entertainment.
Charles Arthur takes a break from trolling other writers on Twitter:
The owners of the Snapsaved site, from which a number of photos sent over the Snapchat service were leaked at the weekend, say that they were hacked. ... On Sunday, thousands of photos and videos from the Snapchat service were put online. ... Snapchat blamed third-party apps, without naming Snapsaved.
Snapsaved...is not connected with Snapsave, an Android app which allowed people to store Snapchat photos on their phone. MORE
And Sean Gallagher surveys the murky world of the chansites:
Posters to 4Chan’s /b/ forum continue to pore over the contents of thousands of images taken by users of the Snapchat messaging service that were recently leaked.
SnapSaved...used a reverse-engineered version of Snapchat’s...API, which allowed Snapchat users to view and download images sent to them...and to circumvent the “instant deletion” feature of Snapchat’s own mobile app. ... A number of mobile applications have used the...API to allow users to store images...but none of these other applications offered Internet storage as an option.
Snapchat has yet to comment...other than to reiterate...that its servers were not breached and that the fault lies with the developers of SnapSaved and its users. [But] part of the problem is that the encryption keys used to protect Snapchat...and the files transmitted over them, are hard-coded into Snapchat’s apps. [The] API also uses AES in Electronic Codebook (ECB) mode—the weakest form of AES encryption for use with a single key. MORE
But the anonymous gnomes behind Snapsaved have this to say:
snapsaved.com was hacked, [but] the dictionary index...was never publicly available. We had a misconfiguration in our Apache server. ... As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database.
I sincerely apologize on the behalf of snapsaved.com we never wished for this to happen. MORE
So Graham Cluley goes for the naughty-seflie-FUD angle:
So, if you have ever exposed your private parts to someone on Snapchat – there is a chance that your picture is now in the hands of hackers. ... And forget red faces, it could be worse than that. Many of the users of Snapchat are likely to be under the age of consent, [so] intimate photographs...could technically qualify as child pornography.
More clearly needs to be done to remind Snapchat’s millions of users – many of whom are teenagers – of the dangers. ... I suspect that many of Snapchat’s users have been...imagining that it is safe to share intimate images via the app and believing [that] images will be safely erased forever within ten seconds. MORE
Meanwhile, Jacob "lamb" Schlies down on Broadway: [You're fired -Ed.]
This is why you don't shove a camera down your pants. People should know better than to believe that their photos were all "deleted".
Snapchat is a fad and no one will be using it in a year. There is simply no way for the owners to profit. MORE
Update: Lucas Mearian has more on the cute name:
[4chan] users...have been referring to the incident as "The Snappening," comparing it to the iCloud hack that released dozens of nude photos of celebrities to the Internet.
Users of 4chan allegedly downloaded the photo and video files and plan to make a database that is searchable by Snapchat user name.
If it were a security breach, it would not be Snapchat's first. In January, the site's "SnapchatDB" database was hacked and 4.6 million usernames and phone numbers were released. The hackers later stated they wanted to reveal to users a security hole that Snapchat had not attempted to fix. MORE
You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or firstname.lastname@example.org. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.