Future Tense

This Snapchat Leak Should Warn You to Think Before You Snap

Snapchat isn’t a substitute for privacy-first, encrypted messaging.

Photo by Kevork Djansezian/Getty Images

If you had never heard of the anonymous online forum called 4chan or thought about the threat of leaked photos before last month, you’re probably caught up now. The celebrity nude photo leak dubbed the Fappening and a marketing stunt threatening to leak naked pictures of Emma Watson both emerged from 4chan. And earlier today, a social-media strategist named Kenny Withers started blogging about talk on 4chan of a Snapchat nude-photo leak. Is the Snappening upon us?

Business Insider reports that hackers have a 13GB cache of sensitive or explicit snaps culled from a third-party snap-saving service that they are planning to match with Snapchat usernames and release on October 12. Estimates put the number of photos at 100,000 to 200,000.

This isn’t a breach of Snapchat’s servers. It’s a trove of photos from a service that a user would install in order to automatically save incoming snaps—without the sender realizing it. Snapchat said in a statement:

We can confirm that Snapchat’s servers were never breached and were not the source of these leaks. Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed.

Though the identity of the third-party service isn’t known, services like Snapsaved and similarly named Snapsave could be the source. As the New York Times points out, Snapsaved seems particularly suspicious because whoever made it covered his tracks, its content has been taken down, its URL (Snapsaved.com) is set to expire next week, and it doesn’t seem to have ever been available in the Google Play app store. The Times couldn’t reach anyone at Snapsaved for comment. The creator of similarly named service Snapsave, Georgie Casey, did respond. “My app just saves Snaps to your Android phone, nothing is ever sent to my server,” he said.

So did the leak come from Snapsaved, Snapsave, or another service entirely? Was that service hacked or was it set up to maliciously store snaps for its own use in addition to the use of its users? Is there a leak at all? It’s unclear. And even though Snapchat itself isn’t part of a leak this time, the company has a pretty checkered past when it comes to protecting the security of its users.

Snapchat may seem like a reasonable way to send sensitive photos—they disappear within a few seconds!—but it’s a social platform not a security service. It’s meant to be maximally easy to use, and to promote sharing. That’s the opposite of what true private communication is about. Secure encrypted communication services require a little bit of procedural work to use and make content sharing difficult outside of the sender and recipient.

Snapchat is like your desk phone. It’s illegal for someone to bug it, but if they do, then they can record your calls. There’s no second line of defense.