© 2024 Connecticut Public

FCC Public Inspection Files:
WPKT · WRLI-FM · WEDW-FM · Public Files Contact
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Snapchat And Dropbox Breaches Are Really Third-Party-App Breaches

Snapchat's logo.
Carl Raether
Snapchat's logo.

What can get lost in a flurry of news about Dropbox and Snapchat getting hacked is that the companies themselves deny they were hacked at all.

They're not lying. Technically speaking, Dropbox's servers did not get breached. Snapchat's didn't either. Photos and log-in credentials apparently leaked from third-party sites or apps that piggyback on these services.

What are third-party apps? They are services that exist outside a parent program, say, Snapchat. But these services rely on the code base of the parent and add functionality to the main service.

For instance, the third-party site that leaked the Snapchat photos was called Snapsaved.com, and it did what Snapchat did not — allow you to save photos sent through the service. In a Facebook post, Snapsaved said it itself was hacked and that it deleted its website as soon as it discovered the breach.

These third-party apps are everywhere. TweetDeck was originally a third-party app based on Twitter, until Twitter bought it. If you're a Flickr user, there are a number of "home-grown applications" based on that photo-sharing service.

But they can be easier targets for hackers than their parent software programs. So keep that in mind when you use third-party apps. Snapchat, for its part, reminded users that it discourages the use of third-party apps like Snapsaved and in a statement reiterated that such apps violate its terms of use.

In a blog post, Dropbox told its users that their data were safe. It urged them "not to reuse passwords across services" and recommended they enable two-step verification.

Some question whether Snapchat's API, which is an electronic manual of sorts that lets computer systems talk to each other, is just too easy to hack. If that's the case, then the blame for this breach can in some ways be put at the foot of Snapchat itself.

There are ways software companies lock down their systems to ensure greater security, but recent experiences with some third-party apps indicate that wasn't happening.

Update on Wednesday, Oct 12 at 5:31p.m. E.T.: A Dropbox spokesperson says the stolen logins were a result of users who use the same passwords and sign-in credentials across several sites — not a breach of any specific third-party apps.

Copyright 2021 NPR. To see more, visit https://www.npr.org.

Elise Hu is a host-at-large based at NPR West in Culver City, Calif. Previously, she explored the future with her video series, Future You with Elise Hu, and served as the founding bureau chief and International Correspondent for NPR's Seoul office. She was based in Seoul for nearly four years, responsible for the network's coverage of both Koreas and Japan, and filed from a dozen countries across Asia.

Stand up for civility

This news story is funded in large part by Connecticut Public’s Members — listeners, viewers, and readers like you who value fact-based journalism and trustworthy information.

We hope their support inspires you to donate so that we can continue telling stories that inform, educate, and inspire you and your neighbors. As a community-supported public media service, Connecticut Public has relied on donor support for more than 50 years.

Your donation today will allow us to continue this work on your behalf. Give today at any amount and join the 50,000 members who are building a better—and more civil—Connecticut to live, work, and play.

Related Content