You may have heard about a similar issue affecting Google Pixel phones last week, where researchers discovered that cropping an image using Markup didn't actually delete the data you removed.
Script Lets Anyone Recover Cropped Information
Instead, it just hid it from view, and anyone with some technical skills could recover it using a simple script. This was dubbed “Acropalypse” by the researchers, and it could expose sensitive information like passwords, credit card numbers, or personal messages.
Well, it turns out that Microsoft's Snipping Tool for Windows 11 and Snip & Sketch for Windows 10 have a very similar vulnerability, according to another researcher named David Buchanan. He tweeted that if you take a screenshot with these tools, save it, crop it, and save it again to the same file, the data may still be available in the file. He also said that, with some minor changes, almost the same code that was used for Pixel screenshots can get at that data.
Windows Snipping Tool is vulnerable to Acropalypse too.
An entirely unrelated codebase.
The same exploit script works with minor changes (the pixel format is RGBA not RGB)
— David Buchanan (@David3141593) March 21, 2023
This means that if you ever cropped out something from your screenshots using these tools and shared them online or via email or chat apps, someone could potentially see what you tried to hide. This is especially bad if you cropped out something confidential or embarrassing.
How can you tell if your screenshots are vulnerable? Well, one way is to check their file size. If they are much larger than they should be based on their dimensions and quality settings, then they probably contain extra data that wasn't properly deleted. You can also try running Buchanan's script on them yourself (if you know how) and see what comes up.
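A more precise version of the file-size check, as an added example (not code from the original article and not Buchanan's script): it assumes the screenshot is a PNG and that leftover data from the uncropped image sits after the PNG's IEND end-of-image chunk, where image viewers ignore it. The function names and the sample images are constructed for illustration; the script only reports how many stray bytes a file carries.

```python
import struct
import sys
import zlib
from pathlib import Path

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def trailing_bytes(data: bytes) -> int:
    """Count bytes that follow the IEND chunk; 0 means the file ends cleanly."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        # Chunk layout: 4-byte length, 4-byte type, body, 4-byte CRC.
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length
        if pos > len(data):
            raise ValueError("chunk runs past end of file")
        if ctype == b"IEND":
            return len(data) - pos
    raise ValueError("no IEND chunk found")

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_png(width: int, height: int) -> bytes:
    """Constructed sample: minimal 8-bit RGBA PNG with all-zero pixels."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    rows = (b"\x00" + b"\x00" * (4 * width)) * height  # filter byte + RGBA row
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b""))

def overwrite_without_truncate(old: bytes, new: bytes) -> bytes:
    """Constructed model of the flaw: new bytes land on top of the old file,
    and whatever the old file held past that point stays on disk."""
    return new + old[len(new):]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        blobs = [(p, Path(p).read_bytes()) for p in sys.argv[1:]]
    else:
        full, crop = make_png(256, 256), make_png(4, 4)
        blobs = [("clean-sample", crop),
                 ("overwritten-sample", overwrite_without_truncate(full, crop))]
    for name, blob in blobs:
        extra = trailing_bytes(blob)
        print(f"{name}: {extra} trailing bytes", "(SUSPECT)" if extra else "(ok)")
```

Run it with one or more PNG paths as arguments to check your own files; with no arguments it checks the two constructed samples.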
Still No Fix
How can you avoid this problem? Well, until Microsoft fixes this issue (which we hope they do soon), there are some alternatives you can use to crop your screenshots safely. One option is to use Paint or another image editor instead of Snipping Tool or Snip & Sketch.
Another option is to use a different screenshot tool altogether. There are plenty of free ones online with ShareX being one of the best in our opinion. Or you can just avoid cropping anything sensitive from your screenshots in the first place.
This flaw is pretty alarming and shows how important it is to be careful with what we share online. You never know who might be able to see more than what meets the eye. So keep an eye on your screenshots.