The media are full of reports of a vast leak of private photos and videos that were sent using the SnapChat application. However, it’s looking increasingly likely that they have been taken in by a scammer, and that the actual leak consists of a handful of videos, very few of them compromising.
Starting on Thursday, blogger Kenny Withers started reporting on rumors from 4Chan of a 13Gb file containing 200,000 photos and videos stolen from SnapChat users. The files were said to have been collected from SnapSaved.com, a web site that was not owned or authorized by SnapChat. It allowed users to log in with their SnapChat credentials, but rather than displaying incoming messages for a few seconds, as the SnapChat App does, it would save them permanently. ShapChat has recently improved their security so that this is no longer possible. However, if SnapChat had paid sufficient attention to security when developing the app, it would never have been possible in the first place.
Yesterday, some alleged stolen SnapChat files were published briefly, and the story was picked up by media outlets including Forbes, Business Insider, and CNN. Some reports claimed that the 13Gb file was already circulating, and that hackers were going to build a searchable database giving access to all the stolen material indexed by SnapChat id.
However, the files that were actually leaked, said to be a ‘sample’ of the full 13Gb, were not convincing. A reverse image search on the pictures showed that they were already available on the Internet on existing “SnapChat leaks” sites. There were also about 90 videos, which are still available via BitTorrent. These are all smartphone videos, and some of them contain SnapChat style text messages superimposed. However, only about half on them contain nudity, and only one contains nudity combined with a fully visible face. So, though there was a genuine leak, there was no evidence that 200,000 accounts were compromised.
In the small hours of this morning, one person claiming to have possession of the full 13Gb file announced that he had decided not to publish it after all.
Was this really a sociopathic invader of privacy having a sudden burst of remorse, or was the whole thing a hoax from the start? My money is on “hoax”. I think the most likely scenario is that someone did steal a few dozen SnapChat videos, and decided to promote this as a much larger leak, possibly for the sheer fun of taking in so many people.
Yesterday there was also an attempt to monetize via another Pastebin post, so that may have been part of the motivation for the hoax.
The URL shortener being used displays an ad for five seconds before redirecting. However in this case the user is redirected to another Pastebin post containing another short link, which takes you to another ad, and then finally redirects “this file has been removed” pages Mega and Mediafire. Were those files ever there in the first place? I doubt it.
UPDATE: Oct 12, 2014, 12:06AM PST. A 12.6 Gb collection claimed to be the Snappening has turned up on BitTorrent, so perhaps I was wrong. On the other hand, I have seen a lot of fake links claiming to be to the stolen pictures out there, but which in fact are attempts to monetize via installing adware, or using the good old “free gift card” scam, so this may be still be some sort of scam.
UPDATE: Oct 12, 2014, 8:15AM PST. I was wrong, the collection available on BitTorrent does contain leaked SpamChat images and movies. However, there is a fair amount of hype about the seriousness of the leak. I examined a sample of these, which I have since deleted. The vast majority of them do not contain nudity. Many are just a text message on a black background, or photos of people pulling faces or showing their day to day activities. Of those that do contain nudity, most do not show a face. There were no photos in the sample I examined featuring nudes of obviously under age subjects. OF the photos that did feature nudity and a recognizable face, several were of professional models, and one had a Playboy logo in the corner.