If it’s not an idle boast, 200,000 private images and videos from European users of ‘self-deleting’ photo app SnapChat, totalling 13gb, could be released by hackers this weekend, according to board posts at the online counterculture site 4Chan.
Social media strategist Kenny Withers posted screenshots of the thread in question on his website (cached version, via WebArchive), which indicates that the stolen SnapChat images will be placed into a new and searchable website, currently under construction. According to the screenshots of the 4Chan forum, it will be possible to search for photos based on user-name. Additionally, the thread indicates that the files will be distributed via a Torrent site.
Early links to aborted attempts to distribute the material indicate that the disclosure – nicknamed ‘The Snappening’ on the 4Chan board – is not a hoax. One attempt at distributing the photos was attributed to the URL http://viralpop.com/snapsaved/ – but the site was blocked by Hostgator shortly afterward.
Unlike the recent Apple data breach, wherein intimate celebrity pictures were obtained from Apple’s iCloud service and then publicly distributed, the numbers are far greater this time, and the number of personal intrusions into private lives potentially very high.
One of the posts seems to be a response to a now-unavailable early URL, and if correct would indicate that the disclosure site will go online at 3pm Saturday, Central time:
There seems some evidence in the exchanges that connecting the user-images to the user-names via a searchable online database is slowing down the anonymous hacker’s work.
SnapChat is a SmartPhone app which allows the user to take and send a photo which will self-delete after a few seconds. Consequently it became one of the most popular photo apps in the world this year because of its ability to facilitate ‘sexting’ – transmission of intimate pictures – without leaving a record.
However the third-party image-storage service SnapSave is able to intercept the sent photo before deletion and store it to its – apparently now-hacked – server.