The 2014 'Snappening': Dropbox wrongly named, then cleared
October 2014
As thousands of intercepted Snapchat photos leaked in the so-called 'Snappening,' early reports tied Dropbox to the incident — but Dropbox flatly denied any involvement, and the actual leaks came from third-party apps and unrelated breaches, not Dropbox's systems.
What happened
In October 2014 a trove of images sent via Snapchat leaked online in an episode dubbed the 'Snappening.' The breach was traced to Snapsaved.com, an unofficial third-party app that secretly saved Snapchat photos against Snapchat's terms; Snapsaved said it had itself been hacked. Amid the same news cycle, separate posts of Dropbox usernames and passwords led some early coverage to associate Dropbox with the leaks.
Dropbox denied that its servers had been breached, stating that the credentials referenced in the reports had been stolen from unrelated third-party services and were not the result of any compromise of Dropbox. As reporting clarified, the Snapchat photo leak and the Dropbox credential lists were distinct events — both ultimately attributable to third-party apps and password reuse rather than to a breach of Dropbox or Snapchat's core systems.
Impact
The episode is a cautionary example of breach misattribution: Dropbox's brand was swept into a sensational story it had no part in, and the correction never travels as fast as the accusation. It reinforced two real lessons — that third-party apps piggybacking on a service can expose users while the named service stays intact, and that credential lists circulated as a fresh 'hack' are often recycled from unrelated breaches and reuse.