SnapSaved.com, a website that stores Snapchat photos and videos that are meant to disappear once received, confirmed on Sunday that it is the source of approximately 200,000 private pictures posted online last week.
“I would like to inform the public that snapsaved.com was hacked,” reads a statement on the SnapSaved.com Facebook page.
Hackers were able to access photos and videos on SnapSaved.com because of a misconfiguration of the site’s server, the unnamed Snapsaved spokesperson wrote.
“As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it.”
Blaming The Wrong Victims
Snapchat’s official position is that anyone who used apps or websites like SnapSaved.com—and there are many—made themselves victims.
But now that SnapSaved.com has come forward as the source of the photo leak, we see that there’s a big problem with Snapchat’s statement.
Which is this: It takes two people to send and receive a photo on Snapchat. And while the people who received a photo and stored it on SnapSaved.com may have been acting foolishly, the people who sent them photos using the official Snapchat app did nothing wrong—except trust Snapchat.
As Jason Koebler argues on Motherboard, Snapchat users clearly want to store snaps, and they turn to third-party websites to do so because Snapchat doesn’t offer an option to do so in its own app.
Snapchat either needs to plug the security holes that allow third parties to collect users’ login credentials and access its servers—or create a sanctioned way for developers to build apps that plug into Snapchat, while protecting users’ security and privacy.
The SnapSaved.com website is no longer online. But until Snapchat addresses the underlying issues that allowed someone to create a snap-saving website, there will be more like it.