Snapchat’s reminder: Nothing engineered is truly secure

There’s another sleazy leak of photos online. With thousands of photos hacked from Snapchat, let this be a reminder: Once data leaves your control, it’s never really secure. 

A hacker or hackers recently posted 90,000 photos and 9,000 videos sent via the messaging app Snapchat for anyone to download. Perhaps not surprisingly, many of these photos were of users in various states of undress. And with over half of the users of the app under 18-years-old, this is one of the worst instances of cybercrime on record.

While there can certainly be some debate over the wisdom of sending any of this material online, the breach is especially troubling because so many users thought Snapchat’s privacy protections would work in their favor.

What went wrong

For its part, Snapchat’s services seem to have worked as advertised. These “Snaps” are supposed to be deleted after they’re opened and not stored anywhere on the app’s servers.

The problem: Third-party apps that are designed in order to save these messages to another server.

It appears that Snapsaved.com, a now defunct web app, was the culprit in this case.  This service saved photos and videos to a server which was either compromised by hackers or perhaps set up by them with the intent of stealing whatever was sent. (Snapchat’s policies forbid these kinds of third-party apps, though the best it can do is try to get them taken down as quickly as they pop up.)

Snapchat’s privacy debacle

Throughout its history, this incredibly popular app has had some privacy concerns, from allegations that its system of alerting users when a recipient took a screenshot of a message was flawed to a vulnerability that allowed users’ phone numbers to be stolen.

But to blame the app in this case seems misguided. The real takeaway here is for users themselves.

Remember these rules:

  • If someone designed a security feature, someone else can crack it. No exceptions.
  • Information is only as secure as the person it’s sent to. Once it leaves your hands, whether it’s sensitive work documents or personal items, it’s no longer entirely in your control.
  • At the end of the day, most apps are designed with profits being top priority, then privacy (if privacy is even a concern for a developer at all), and
  • It may be dispiriting, but trust online shouldn’t be given out easily. It’s easy for someone to betray that trust, or have their systems compromised in such a way that privacy protections are no longer effective.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy