Play Live Radio
Next Up:
0:00
0:00
Available On Air Stations
Watch Live

Snapchat And Dropbox Breaches Are Really Third-Party App Breaches

What can get lost in a flurry of news about Dropbox and Snapchat getting hacked is that the companies themselves deny they were hacked at all.

They're not lying. Technically speaking, Dropbox's servers did not get breached. Snapchat's didn't either. Photos and log-in credentials apparently leaked from third-party sites and apps that piggyback on these services.

What are third-party apps? They are services that exist outside a parent program, say, Snapchat. But these services rely on the code base of the parent and add functionality to the main service.

Advertisement

For instance, the third-party site that leaked the Snapchat photos was called Snapsaved.com, and it did what Snapchat did not — allow you to save photos sent through the service. In a Facebook post, Snapsaved said it itself was hacked and that it deleted its website as soon as it discovered the breach.

These third-party apps are everywhere. TweetDeck was originally a third-party app based on Twitter, until Twitter bought it. If you're a Flickr user, there are a number of "home grown applications" based on that photo-sharing service.

But, they can be easier targets for hackers than their parent software programs. So keep that in mind when you use third-party apps. Snapchat, for its part, reminded users that it discourages the use of third-party apps like Snapsaved and in a statement reiterated that such apps violate its terms of use.

In a blog post, Dropbox told its users that their data was safe. It urged them "not to reuse passwords across services" and recommended they enable two-step verification.

Some question whether Snapchat's API, which is an electronic manual of sorts that lets computer systems talk to each other, is just too easy to hack. If that's the case, then the blame for this breach can in some ways be put at the foot of Snapchat itself.

Advertisement

There are ways software companies lock down their systems to ensure greater security, but recent experiences with some third-party apps indicate that wasn't happening.

Copyright 2014 NPR. To see more, visit http://www.npr.org/.