Real news from the privacy world

Snapchat Recommends Users Not to Trust Third-Party Apps

Third-party apps may not be trusted and can be dangerous to use – it’s what Snapchat tells its user base of over 100 million people. Yet, Snapchat isn’t able to tell why exactly outsiders were actually able to connect to it in the first place.

Photo-sharing service made cautious warning on Tuesday morning to not to use applications that says to have a functionality to work with Snapchat messaging service.

Via Snapchat, which has been on pretty hot foot last week, users are able to share a video or photo that gets deleted right away after the recipient receives and sees it. Service that allowed Snapchat users by connecting to Snapchat, in particular recipients of a “snap”, to save the videos and photos was recently hacked, leaking over 13 gigabytes of data – majorly photos that users were storing on this third-party website. All of the leaked data was also made public, including thousands of photos containing intimate images. Around 200,000 users were affected by this hack.

Third-party services were blamed for putting Snapchat users in such situation and at risk by Snapchat in its newly posted blog post today. Snapchat wrote in it today that building trustworthy and open third-party application ecosystem takes a lot of resources as well as obviously time and these are the reasons why they do not provide any public API to anyone and why access to the private API used to provide their service is prohibited.

It is not the first time since the breach that Snapchat tells users are assuming a lot of risks by using third-party services which are at fault. On Friday CNET News were told in a statement, that Snapchat users were “victimized” due to them using those third-party services, which back up data posted to Snapchat without the consent of the sender.

According to Snapchat, it prohibit the use of its API in third-party Snapchat services due to them compromising Snapchat users’ security and that it’s expressly mentioned in their Terms Of Use.

A minimum of two unbiased experts in security think that Snapchat, which was founded in 2011, does also bear some of the responsibility for the data leak. A vice president of computer-security research firm Veracode Chris Eng said that this probably would not happened if Snapchat secured its API and that they zero reasons why they could not have much better security.

Eng told CNET quite ironically that Snapchat is relying on ToS which basically has zero effectiveness instead of setting up strong security for its service.

According to director of research at security-intelligence firm Synack, Patrick Wardle, most if not all APIs (as well as Snapchat’s) are designed for both outside and inside services to connect to them. If it is known by a third-party service how an API works or is built, it needs only user credentials to be able to connect to the service.

Wardle said that it does not matter whether API is public or private, as long as and if user is providing his account information then it is possible for hackers to use the API and access users’ content. Electronic messages could be protected from being spied on by using end-to-end encryption and that would ensure both Snapchat user privacy and API access protection. Furthermore privacy, especially internet privacy is an important aspect to consider, and most reliable and practical way in achieving strong privacy is using VPN such as our feature rich custom NordVPN software.

Snapchat yet has to reply to a request for additional comment.

The stolen data that contained user’s “snaps” was stolen from third-party unauthorized Snapchat service called Snapsaved. This service wasn’t the only third-party Snapchat services, which already were shut down few months back. Snapsaved took responsibility for getting hacked and leaking those videos and images on Saturday in a Facebook post. However it said that only 500 megabytes of videos and images had been stolen, instead of 13 gigabytes.

Most of Snapchat’s users are claimed to be teenagers as young as 13 years old and that a lot of stolen videos and images could have been sexually explicit. Neither Snapsaved itself nor Snapchat are saying how many of stolen photos contained pornographic content. However one Reddits’ user says that at least around 100 megabytes out of the 13 gigabytes of stolen data was sexually explicit and that may be over tens of thousands of photos.
Snapchat became the third-most popular social media based app in the US, being just behind Facebook and Instagram, for the sole reason of being able to automatically void messages. The startup could have been bought for $3 billion by Facebook just last year, thought, unsuccessfully.

The Snapsaved hack happened just after recent Apple’s iCloud incident, in which attackers targeted celebrities’ photos including sexually explicit images. Jennifer Lawrence, one of the celebrities victim attacked websites that contained the stolen images calling them disgusting and causing sex crime, not just scandal.



Try NordVPN for Free!

3 days of full security and privacy, with no strings attached

Comments

Your email address will not be published. Required fields are marked *

Leave a Comment

Your email address will not be published. Required fields are marked *