Snapchat API and exploits published by hacker group, could allow users' names and phone numbers to be connected

Snapchat API and exploits published by hacker group, could allow users' names and phone numbers to be connected

It appears that Snapchat's API has been hacked, and exploits that allow a script to associate user's phone numbers, display names, user names, and account privacy level en masse have been published. An Australian hacker group calling themselves Gibson Security published details the hack this week. Snapchat's API has so far been undocumented. One exploit, called the Find Friends exploit, could be used to find the Snapchat username of anyone with a phone number on a list of numbers, according to ZDNet:

When the phone number matches a record of a Snapchat user, the malicious entity will get a record that includes the username, the associated display name, and whether the account is private or not.

The Find Friends exploit could make users vulnerable to scamming, as well as stalking, no matter their privacy setting. Another exploit allows for bulk account registration. This allows someone to create thousands of accounts, using them for spam, or possibly speeding up the process of the Find Friends exploit.

This API and exploit publication could allow someone to build a Snapchat clone that will then let them gather the information of all 8 million Snapchat users. Gibson justifies the release of the API by saying that they were fed up with Snapchat's lack of action on these serious security issues. The group originally notified Snapchat of these security issues back in August, but says that Snapchat has done nothing about it. They also claim that these exploits can be fixed if Snapchat had added rate limiting. Snapchat has, so far, remained silent on this matter.

If you're a Snapchat user, are you worried that someone will attempt to use these exploits? Sound off in the comments below.

Source: ZDNet

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Joseph Keller

News Writer for Mobile Nations. Fascinated by the ways that technology connects us.

More Posts



← Previously

OpenEmu rethinks emulator gaming for OS X

Next up →

How to check your iPhone call history using Siri on iOS 7

Reader comments

Snapchat API and exploits published by hacker group, could allow users' names and phone numbers to be connected


Well ...

"Most of Snapchat’s infrastructure is hosted on Google’s cloud computing service, App Engine."

That was enough for yours truly to NOT use it in first place! Anything in the world with google involved ...

One has to admit...especially with Google's shameless antics of illegally tracking Safari users. If there's a way Google could make a buck off of Snapchat accounts (with moderately low risk of punitive damage), other than perhaps extortion, they just might feel a little tempted….

Yes, google and those running it always find a WAY to make a BUCK off of anything and anyone at any cost.

They have no shame because they believe they OWN the universe and everything must be FREE and OPEN SOURCE .... except their search inner working formula!

Not one of the apps that I use for social media. I'm sure they will do an update to correct this issue!

Sent from the iMore App

Let's hope.

And go Seahawks! As a Steelers fan who grew up in Seattle, I want to see a rematch from Super Bowl XL. Go Chiefs, I guess...

I'm not a big user yet, only signed up Two days ago. The exploit is curious because exploits for apps are always a concern. Am I concerned about my account? No. My question is why did Facebook offer $3B for them? The interface is the ugliest I have used in a long time. The app itself is not very intuitive at all considering its use. I expected a lot more when I downloaded considering all the hype around it lately.

Sent from the iMore App