The owners of the Snapsaved site, from which a number of photos sent over the Snapchat service were leaked at the weekend, say that they were hacked to reveal the pictures.
The statement follows a claim by an unknown person who says that the photos which leaked out on Sunday were provided by the site’s administrator.
They also say that the distribution of the photos would be potentially harmful both to those pictured and to the wider internet because of its effects on personal privacy.
On Sunday, thousands of photos and videos from the Snapchat service were put online, apparently taken from sites including Snapsaved.com, which had allowed people to log in using their Snapchat username and password to offer desktop-based rather than handset-based access to the site - and also the chance to store photos, which are meant to be deleted within seconds of being viewed.
Snapchat blamed third-party apps, without naming Snapsaved, for the breach.
In a Facebook posting, an unnamed spokesman for the Snapsaved site says that “I would like to inform the public that snapsaved.com was hacked” due to a mistake in the setup of its web server. “As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it,” the unsigned statement continues. “As far as we can tell, the breach has effected [sic] 500MB of images, and 0 personal information from the database.”
The rebuttal comes after another anonymous claim, made via a posting on the Pastebin site - commonly used by hackers to post claims and conquests - that the administrator of Snapsaved had provided one or more hackers with a way to browse the content on the site.
“The content released from this site was provided to us by the administrator of the site,” the writer claimed. “Users could freely browse all media on this website, and view as per user account.
“When the site became unusable, the administrator compiled a full directory of the content and uploaded it to an un-indexed website where you could freely download it.”
But Snapsaved denies that on its Facebook page: “the dictionary index the poster is referring to, was never publicly available. We had a misconfiguration in our Apache server.”
An error in setting up the Apache web server software could, under certain circumstances, leave a listing of directories on the site visible to someone who attacked the site. The Pastebin poster does not specify how they were able to see the site.
Snapsaved claimed on Facebook in November 2013 to have 10,000 visitors, but the Facebook page does not put a newer figure on it apart from saying that the majority of users were Swedish, Norwegian and American. It is not connected with Snapsave, an Android app which allowed people to store Snapchat photos on their phone. Snapsave is not believed to have been breached.
Snapsaved.com now redirects to a Danish e-commerce site.
guardian.co.uk © Guardian News and Media Limited 2010