Cross-posted from Wired.
If you’re a Snapchat user, you should know something: The “Snappening” is not your fault.
On Sunday, the threat that has been dubbed “The Snappening” became reality. Hundreds of thousands of pictures and videos taken by users of the popular ephemeral media service Snapchat were intercepted by hackers and, after a few days of bragging and bluster, they were finally posted online in a 13GB dump. Details are still rolling in on how this attack might have been carried out, but signs point to the use of insecure, unauthorized third-party software designed to let users store “disappearing” snaps. The third-party software service SnapSaved.com has confirmed it was compromised as part of this attack.
The guidance and rules are buried in the fine print with no explanation for the ban on third-party software. This dense, boilerplate agreement places the burden of securing against this attack on the party in the relationship least likely to have knowledge of the vulnerability—the user. People who relied upon the app’s implicit promise of ephemera and relative safety wouldn’t be wrong to feel betrayed by Snapchat’s “it’s not us, it’s you” attitude.