Snapchat blames users of 'illegal third-party apps' for nude photo hack

Updated October 13th: Snapsaved.com says it was hacked in a Facebook post. Details here. Snapsaved.com says 500 megabytes of images were effected by the breach. The company also says as soon as it discovered the attack it deleted all the contents of its website and database.

Thursday night a slew of nude pictures started showing up on 4chan. Not terribly unusual, except these were images apparently snagged from hundreds of thousands of Snapchat users.

The event has been dubbed “the Snappening,” named after a previous nude photo hack called “The Fappening.” A month ago, a group of hackers found their way into several celebrity iCloud accounts, stole nude images found there, and posted them to 4chan. Most notable among the people targeted was actress Jennifer Lawrence, who called the incident a sex crime.

This time, hackers took photos from 200,000 accounts, according to social media consultant and writer Kenny Withers. Snapchat has issued the following statement to VentureBeat in response, confirming that a hack has occured. But Snapchat makes clear that its “servers were never breached” and played no role in the hack [emphasis ours]:

We can confirm that Snapchat’s servers were never breached and were not the source of these leaks. Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed.

The store of photos released Thursday night may have been accumulating for years, though there’s some confusion about the source of the photos. Some reports say the photos came from third-party client SnapSave. However, Business Insider is reporting that the photos came from a website called SnapSaved, which lets users save their snaps online rather than on mobile.

Snapchat’s statement confirms that a hack has indeed occurred but pushes all responsibility to the users — something the victims of this hack aren’t likely to appreciate.