Yet another hack revealing sensitive images has occurred, this time affecting users of the popular Snapchat app. Snapchat itself was not the victim of a data breach and instead claims that an unauthorized, third-party service is to blame for the hack though it didn't name a specific company.
SnapSaved, a website that preserves the images created on Snapchat that would otherwise self-destruct, is allegedly the third-party site being referred to. The site has confirmed it was hacked over the weekend after thousands of videos and photos from Snapchat users were published online, many of a personal nature. Nearly 90,000 photos and 9,000 videos were stolen from SnapSaved's servers.
SnapSaved employs a version of Snapchat's API that was reverse-engineered, enabling users to get around the instant deletion aspect of the app and view or download images sent to them. SnapSaved offers users online storage of the information, allowing images that would otherwise be deleted to be hacked. According to an interview in The Guardian, a security researcher claims that 13 GB of data, collected over an entire year, was compromised in the hack. This information suggests the attack was much larger than just the original 500 MB SnapSaved first said was taken from its databases.
Lax security measures result in photo leak
According to NetworkWorld contributor Ms. Smith, an admin for the SnapSaved site was accused of creating a complete content directory for the site and uploading it to an un-indexed website where anyone could access or download the files. In response, SnapSaved issued a statement saying such a directory was never publicly available.
"Snapsaved.com was hacked, the dictionary index the poster is referring to, was never publicly available," read the statement. "We had a misconfiguration in our Apache server. Snapchat has not been hacked, and these images do not originate from their database."
The statement went on to say that no personal information was taken in the breach and the un-indexed website and associated database have since been deleted.
When traditional cybersecurity techniques aren't enough, a security information and event management service can help to enhance an enterprise's defense posture. Most organizations' IT departments are understaffed and overworked, but concierge SIEM solutions provide constant monitoring of enterprise systems that look for any suspicious behavior or anomalous activity. Recorded event information is then analyzed and used to provide reliable information about the threats facing a company at any given time.