One of 2012's breakout apps, photo- and video-sharing service Snapchat, just hit its first privacy pothole.
Snapchat's twist is a messaging trail that self-destructs. When a user sends an image, they can choose how long the receiver has to view it, picking a timeframe of up to 10 seconds after opening. Then it vanishes.
The allure of a disappearing act frees users to send funny, embarrassing and personal images meant to leave no digital trail. (And yes, it's often used for 'sexting.') The app has been a giant hit, especially with teens. Launched one year ago, Snapchat now hosts 50 million shared images a day, according to the company. Facebook copied the feature last week for its new Poke app.
Except that in the digital realm, nothing ever seems to vanish for good. A newly discovered security flaw can resurrect Snapchat's supposedly nuked videos.
A Buzzfeed article on Thursday explained the hack, which involves opening up an iPhone file browser, navigating to a Snapchat folder, and copying videos over to your computer. Turns out that all those video files that were intended to vanish are actually being accumulated in a cache. Photos don't seem to be stored, according to Buzzfeed's tests.
Snapchat did not respond to CNNMoney's request for comment. Founder Evan Spiegel told Buzzfeed: "The people who most enjoy using Snapchat are those who embrace the spirit and intent of the service. There will always be ways to reverse engineer technology products — but that spoils the fun!"
A similar flaw also affects Facebook's Poke app, which lets users send Facebook messages and videos that disappear in seconds. Facebook ( acknowledged the glitch and urged users to proceed with caution. )
"While Pokes disappear after they are read, there are still ways that people can potentially save them," a Facebook spokeswoman said in a written statement. "People should think about what they are sending and share responsibly."
Security experts say it's no surprise that "vanishing" messages don't disappear as completely as users expect. True privacy is a huge technical challenge, according to Robert Leshner, founder of Safe Shepherd, a personal-data protection service.
"Some of these photos and videos have to disappear from the servers of the company and have to cease to exist entirely. It's not just removing the accessibility, it's about removing the content," he said. "There are always weak links and chinks in the armor that can be discovered."