SecurityWeek

Snapchat Warns Users of Third-Party Apps

Following the recent incident in which hundreds of thousands of photos were leaked online, the developers of photo messaging application Snapchat have decided to take steps to protect users against risky third-party applications.

The content sent by Snapchat users is visible only for a few seconds, but there are several third-party applications designed to save the “Snapchats.” The large number of photos leaked in October came from one such service, Snapsaved.

Snapsaved said hackers exploited a misconfiguration in their Apache server and downloaded a total of 500Mb of photos mostly belonging to users in the United States, Sweden and Norway. The site’s operators deleted the entire database shortly after the breach, which has been referred to as “The Snappening.”

To prevent such incidents from occurring in the future and to protect customers against services that trick them and compromise their accounts, Snapchat has started actively warning Snapchatters when the use of a third-party app is detected.

While most customers will not see any difference, those who use third-party apps will be advised to change their passwords and stop using unauthorized applications.

The company also called on Apple and Google to remove third-party iOS and Android applications that access the Snapchat API from their app stores.

“A third-party application is any application that accesses the Snapchat API, but hasn’t been built and maintained by our company. Given the popularity of Snapchat and the size of our community, it’s no surprise that a cottage industry of app-makers has popped up to provide additional services to Snapchatters,” Snapchat said in a blog post last month. “Unfortunately, these applications often ask for Snapchat login credentials and use them to send or receive snaps and access account information.”

Snapchat says it likes what some developers have done to make the service better. However, the company believes it takes time and a lot of resources to build a trustworthy third-party app ecosystem, which is why it hasn’t released a public API and prohibits use of its private API.

“[Any] application that isn’t ours but claims to offer Snapchat services violates our Terms of Use and can’t be trusted,” Snapchat said.

While the latest incident doesn’t involve a breach of Snapchat’s systems, there have been cases where the service was directly targeted by hackers. In late December 2013, the usernames and associated phone numbers of 4.6 million Snapchat users were published online by hackers who had leveraged an attack method disclosed by researchers just days earlier.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
