Snapchat has spoken out for the first time about the hack that led to the theft of tens of thousands of private photos, dubbed ‘the Snappening’, scolding affected users for using an unsupported third-party service.
The photos were stolen from SnapSaved, an unofficial site that promised to allow users to save pictures sent to them on the service. Typically, Snapchat pictures and videos disappear within seconds of being viewed, and the app itself sends users a notification if the file’s recipient takes a screenshot.
“Over the past few days we’ve fielded a number of questions about our API and third-party applications after a website that offered to save Snaps indicated that their database had been breached,” Snapchat said in a statement.
“We are grateful that the service provider acknowledged that Snapchat was never compromised, but we wanted to use this as an opportunity to reiterate the unfortunate threats these third-party applications can pose to our community.”
“Given the popularity of Snapchat and the size of our community, it’s no surprise that a cottage industry of app-makers has popped up to provide additional services to Snapchatters. Unfortunately, these applications often ask for Snapchat login credentials and use them to send or receive snaps and access account information.
“When you give your login credentials to a third-party application, you’re allowing a developer, and possibly a criminal, to access your account information and send information on your behalf.”
The company accepts that there is demand for the services offered by apps such as SnapSaved, but adds that “it takes time and a lot of resources to build an open and trustworthy third-party application ecosystem. That’s why we haven’t provided a public API to developers and why we prohibit access to the private API we use to provide our service.
“Don’t get us wrong – we’re excited by the interest in developing for the Snapchat platform, but we’re going to take our time to get it right.”
Snapsaved itself released one statement on the breach, on its Facebook page, saying that “As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it. As far as we can tell, the breach has affected 500MB of images, and zero personal information from the database.”
The company has since started asking for payment when journalists enquire about interviews, telling reporters “we would like to know if you could offer any monetary reward for the interview, this would be via bitcoins or the like”.
.png?w=600)
