Third-party apps expose Snapchat photos, Dropbox user info

By Chad Hemenway on October 14, 2014

snapchat200x200Breaches of third-party apps catapulted Snapchat and Dropbox into the headlines, albeit unfairly, they said.

A total of hundreds of thousands, if not millions, of photos and log-in information was stolen. But the applications each said their servers were not breached.

“We can confirm that Snapchat’s servers were never breached and were not the source of these leaks,” said a statement from Snapchat emailed to Advisen.

“Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting dozens of these removed.”

Meanwhile, users of several sites such as Pastebin.com posted hundreds of samples of usernames and passwords from Dropbox. The poster said he has more and will post them for donations of Bitcoin.

The Dropbox blog responded: “Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe.”Dropbox-icon

“The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox,” the blog continued. “Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”

Third-party app Snapsaved.com, which saves Snapchats, confirmed it was hacked. “SnapChat has not been hacked, and these images do not originate from their database,” Snapsaved said.

“As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it,” Snapsaved said. “As far as we can tell, the breach has effected 500MB of images, and 0 personal information
from the database.”

Hayley Tsukayama, consumer technology reporter for The Washington Post, said third-party apps can be easier targets for hackers.

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or chemenway@advisen.com.