Facebook users warned of leaked Snapchat photos phishing threat

Graham Cluley
Graham Cluley
@[email protected]

Leaked Snapchat photos on FacebookFacebook pages claiming to link to leaked photos distributed via the Snapchat smartphone app can be attempting to steal your passwords, according to one security researcher.

Snapchat, you will remember, is the smartphone app that allows you to send a photograph or video to an acquaintance.

The app’s gimmick is that the snap is only supposed to be viewable for a few seconds before it is destroyed. But, as I explained last year, it doesn’t actually prevent the recipient from making a digital copy.

Regardless, you can imagine just how many young people have used the app for sexting, without thought of the possible embarrassing and humiliating consequences.

Sign up to our free newsletter.
Security news, advice, and tips.

It’s no surprise then to discover that a number of unsavoury Facebook pages have sprung up, publishing candid and salacious Snapchat photos of young people in compromising positions, gathering thousands of fans in the process.

Security researcher Troy Hunt found one such Facebook page, and discovered that it was driving traffic to a page designed to phish usernames and passwords from Facebook users.

Snapchat phishing on Facebook

The good news is that Troy reports that this particular Facebook page has now been taken down by the site’s security team.

However, a casual search of the social network found numerous other pages that claim to offer leaked Snapchat pics, and it would be no surprise if they are using the lure of candid photos that were supposed to have remained private as bait to build an audience of thousands of fans with the intention of later abusing their trust.

Troy sums up the situation well in his blog post:

There are numerous Facebook pages that are nothing more than fronts for credential harvesting or other scams. The heavy use of social media via mobile apps which don’t provide the same degrees of phishing protection as you find in browsers on the desktop increases the efficacy of these scams. Anything that attracts new victims is fair game, even if it means prospering from the death of others. And finally, if you really want free porn, just Google for it rather than handing over your Facebook credentials!

In my opinion, it’s a shame that Facebook isn’t more proactive in policing offensive and dangerous pages on its network, as they spring up at an alarming rate.

Learn more about the threat by reading Troy Hunt’s blog post.

If you are on Facebook, and want to be kept updated with news about security and privacy risks, and tips on how to protect yourself online, join the Graham Cluley Security News Facebook page.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.