Hackers have threatened to release Snapchat images that have been intercepted and stored online by a third-party app, according to media reports.
The reported leak has been dubbed “The Snappening,” a play on last month’s “The Fappening,” in which nude photos of stars were stolen from iCloud and surfaced online. Jennifer Lawrence, Rihanna, Rita Ora and Kim Kardashian were among the stars affected by the leak.
The images were taken on Snapchat and meant to last for just 10 seconds. But third-party apps have given users the ability to capture a screenshot of the image and store it. At lease one of these applications has been hacked, and its online library of a reported 13GB of images has been compromised.
The Snapchat leak could impact about 200,000 Snapchat users — and potentially minors — as half of Snapchat’s 4.6 million users were between the ages of 13 and 17, according to The Guardian.
According to Business Insider, members of an underground chat room called 4chan have downloaded the images and are creating a searchable database by Snapchat username.
Two possible third-party apps have been floated as the victims of the hacking: Snapsave and SnapSaved.com.
A Snapsave representative told Business Insider, “Our app had nothing to do with it and we’ve never logged username/passwords.” He also said Snapsave doesn’t store photos online.
SnapSaved.com did save photos on a web server, but it’s no longer in business. Its URL now redirects to a Danish company that sells TV accessories.
A spokeswoman for Snapchat said it wasn’t the source of the leak and that the company expressly tells users not to use third-party apps with its platform.
“We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed,” she added.
Snapchat came under fire in December 2013 when it didn’t respond to a warning from Gibson Security that a vulnerability in its coding might allow hackers to get a hold of users’ personal information. Gibson Security went public with the information, and hackers were able to match phone numbers and usernames. They then released a database of the acquired information on Dec. 31, 2013.