snapchat snappening 4chan
Snapchat should take its share of the blame in the 'Snappening' image leak, security expert claims.Reuters

The third-party app Snapsave blamed for the leaked Snapchat images has admitted that its servers were breached, though security experts have claimed that the self-destructing messaging app is not entirely blameless in the 'Snappening' incident.

Over the weekend of 10 October, a 14GB file containing around 100,000 photos and videos sent via Snapchat was shared online across sites including 4chan and Reddit.

In response to the hack, Snapchat placed the blame squarely on the use of third-party apps by its users, saying in a statement that it was "a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users' security."

The attack was acknowledged by Snapsaved, a third-party app and website that Snapchat users can download in order to save photos and videos that would otherwise be deleted by the messaging app.

"I would like to inform the public that snapsaved.com was hacked," an unsigned statement posted to Snapsaved's Facebook page read. "Snapchat has not been hacked, and these images do not originate from their database.

"As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it. As far as we can tell, the breach has affected 500MB of images and 0 personal information."

Snapchat snappening leak
A blurred screenshot of images alleged to be from the Snapsave service, posted to 4chan.4chan

Blaming the breach on Snapsaved is not fully justified, according to one cyber-security expert, who claims that Snapchat needs to "step up their onus in their app protection capabilities" before making the app available to consumers.

"It's clear that the security layers offered from the app stores are not enough to protect the critical policies residing in the apps themselves and to protect the end users from data compromise," Mike Dager, CEO for security firm Arxan, told The Independent.

"While Snapchat has gone on the record to say that neither the app nor their servers have been hacked, we scrutinise that claim.

"Since Snapchat does not provide an API for developers, the developers of the third-party apps must be reverse engineering either the Snapchat app or the network communication protocol. Once the third-party apps have emulated the Snapchat client, the apps gain access to the Snapchat user's private photos.

"As a result, the risk of a data breach is spread from Snapchat to the third-party app provider. Therefore, the risk mitigation must be initiated by mobile app developers themselves by deploying apps that have in-app defence and tamper-resistance attributes."

Snapchat is yet to respond to a request for comment regarding these claims.