It appears that Snapchat's API has been hacked, and exploits that allow a script to associate user's phone numbers, display names, user names, and account privacy level en masse have been published. An Australian hacker group calling themselves Gibson Security published details the hack this week. Snapchat's API has so far been undocumented. One exploit, called the Find Friends exploit, could be used to find the Snapchat username of anyone with a phone number on a list of numbers, according to ZDNet:
When the phone number matches a record of a Snapchat user, the malicious entity will get a record that includes the username, the associated display name, and whether the account is private or not.
The Find Friends exploit could make users vulnerable to scamming, as well as stalking, no matter their privacy setting. Another exploit allows for bulk account registration. This allows someone to create thousands of accounts, using them for spam, or possibly speeding up the process of the Find Friends exploit.
This API and exploit publication could allow someone to build a Snapchat clone that will then let them gather the information of all 8 million Snapchat users. Gibson justifies the release of the API by saying that they were fed up with Snapchat's lack of action on these serious security issues. The group originally notified Snapchat of these security issues back in August, but says that Snapchat has done nothing about it. They also claim that these exploits can be fixed if Snapchat had added rate limiting. Snapchat has, so far, remained silent on this matter.
If you're a Snapchat user, are you worried that someone will attempt to use these exploits? Sound off in the comments below.