The Internet was abuzz today (Oct. 10) with a rumor that thousands of private photos stolen from Snapchat were about to be dumped online, but as of this writing, it wasn't clear whether the whole thing was real or just a hoax.
The threatened leak of photos, instantly dubbed "The Snappening" in homage to the hundreds of celebrity nude photos that were leaked this past Labor Day weekend, first materialized as a rumor on the Web discussion board 4chan last night Eastern Time (Oct. 9).
Because Snapchat, a smartphone app used to send and then quickly delete instant messages, is often used to send nude "selfies," the implication was that many of the rumored 100,000 images — or 200,000, depending on the media report — would be intimate photographs of ordinary people.
However, despite the original 4chan poster promising that the images would be released today, nothing has materialized, and the few images that have been offered as "proof" have been debunked as recycled images already available online. (Later media reports said the leaker changed the date of the purported data dump to this Sunday.)
The images were purportedly stolen not from Snapchat itself, nor from individual users, but from one of many third-party services that promise to capture Snapchat images before they're deleted. Some reports named the service as Snapsaved, others as SnapSave.
A SnapSave spokesman told Engadget that "our app had nothing to do with it." Snapsaved does not show up in either the iTunes or Android app stores, and snapsaved.com was unreachable.
For its part, Snapchat, which has had its own share of security issues in the past, denied its own servers were breached in a press statement.
The Snappening gained attention thanks to the efforts of Kenny Withers, an online marketer in Vancouver, Washington, who observed discussions last night on 4chan regarding the threatened data dump. He quickly began tweeting about it, blaming the entire thing on 4chan users.
"First #Fappening now #Snappening," Withers tweeted. "#4chan hacks cloud service #Snapsave, will leak 200,000 nude photos & videos."
Withers posted on his own blog about the threatened leak, including a purported screengrab of a website hosting the stolen images. Withers' blog is currently buckling under heavy traffic and cannot be reached, and the stolen-image website — named by Business Insider as viralpop.com, and which purportedly tried to infect visiting browsers with malware — seems to have been taken down.
A review of archived 4chan discussion threads reveals a different story. One poster — like almost all 4chan users, he or she didn't give a name — apparently came forward last night promising to post 13 gigabytes of Snapchat selfies online. Most posters said they'd want to see them, but some were skeptical.
"Don't fall for this," wrote one 4chan poster. "Someone is looking to frame us and shut us down."
On Reddit, on which most discussion posters use pseudonyms, "iHikeALot" wrote, "I am quite sure that this is all fake. This 'Kenny Withers' has done a terrific job spreading it around on every form of online media possible." (iHikeALot later changed his mind.)
Withers insisted to Forbes' Kashmir Hill that everything he saw was real.
"I didn't want to save or post photos from the image site, because they were stolen," he told Hill. "And, in the case of the nude photos, they could be child porn."
The Snappening doesn't matter
Whether or not the Snappening photos ever appear, the fact is that thousands of nude selfies of noncelebrities have been circulating online for years. Amateur-porn sites are full of them; the images often involve a young woman in some state of undress taking a photo of herself with a smartphone, either in a mirror or directly.
4chan users also post such images constantly, but intersperse them with images taken by young men — or sometimes not-so-young men — of their own private parts.
It's not clear how all these nude selfies were obtained. Some may have been collected through compromises of individual online accounts, such as Apple's iCloud or Yahoo Mail. (It's easy to guess many people's passwords.)
Many other images were probably posted online by the same people who were originally meant to receive the images, out of spite or disregard. "Revenge porn" sites specialize in such content.
Put another way: If you're an attractive young woman and you've ever sent a nude selfie to someone else, there's a good chance that photo is already circulating online. If you're a man and you've done the same thing, the jokers on 4chan may be laughing at your family jewels right now.
How to protect your nude snapshots (if you have them)
There are ways to reduce the risks of this happening to you. First, turn on two-factor authentication on every online account that offers the security feature — it will protect you if someone guesses or steals your password.
Second, delete every risqué photo of yourself that exists on your smartphone, in your online email account and in your cloud-storage service. Contact everyone you've ever sent such images, and ask them to do the same. (It's likely not all of them will.)
Finally, if you must share nude photographs of yourself, don't use a smartphone to do it. Don't use any form of Web-enabled camera. Instead, use a Polaroid camera, print out a photo, stick it an envelope and send it via U.S. Mail.
- iOS 8 Security Tips to Keep Your Data Safe
- Best Mac Antivirus Software 2014
- 10 Facebook Privacy and Security Settings to Lock Down
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.