Cyber Incident Victim: thesnappening.org
Date:
Oct 2014
Location:
United States of America
Summary
A teenager created a website to distribute approximately 98,000 private Snapchat images and videos, including suspected underage content, sourced from a compromised third-party service. The site was taken down following media exposure, sparking backlash from users seeking access to the material on Reddit forums. Critics argued the operator merely redistributed content leaked via a third-party app breach and condemned the publication of his personal details in reports. Subsequently, hackers claiming to be "Team Danny" breached the domain, defaced it with the operator's private information, and justified the attack as retaliation. The operator later regained control of the site but did not publicly address the incident. Reddit discussions included requests to locate specific individuals' content within the leak and concerns about potential child exploitation material.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In October 2014, a teenager named Mudit Grover created thesnappening.org to host approximately 98,000 private Snapchat images and videos obtained through a breach of third-party service snapsaved.com. The content, which included suspected nude imagery of minors, was distributed via Grover’s website until Mashable exposed the operation on October 14. Following media scrutiny, Grover voluntarily shut down the site on October 14 or early October 15, triggering widespread complaints on Reddit forums like r/thesnappening and r/fappeningdiscussion. Users expressed frustration over losing access to the material, with some criticizing Grover’s decision while others defended him by arguing the leaks originated from users who installed insecure third-party Snapchat apps. Concurrently, Redditors accused Mashable of doxxing Grover by revealing his identity in their reporting. The r/thesnappening subreddit featured requests for specific content from the cache, including one user seeking images of a classmate while expressing concern about accessing child exploitation material within the 13GB dataset.
On October 15, hackers identifying as "Team Danny" compromised thesnappening.org’s domain shortly after Grover deactivated it. They defaced the site to display Grover’s alleged home address, cellphone number, and landline, accompanied by a message claiming responsibility. Team Danny publicly announced their hack on Twitter, linking to the defaced pages and mocking Grover’s security practices. When contacted by Mashable via secure chat, a representative from Team Danny described the intrusion as "trivial," motivated by amusement after reading Mashable’s article, and justified targeting Grover because "he deserved it." The hacker falsely claimed to be a 13-year-old from Africa, likely to obscure their identity. Grover regained control of the domain within hours, removing Team Danny’s message, but did not respond to Mashable’s requests for comment regarding the retaliatory breach. The incident highlighted secondary threats facing operators of illicit content platforms, including vigilante hacking and exposure to legal risks associated with distributing potentially illegal material.