Snapchat has become relatively popular in the past year and has been the talk of the press lately after turning down $3 billion from Facebook. The photo messaging app is popular among young people and has become a medium for “sexting” because photos are deleted after a certain time limit. This gives users the perception of more privacy when they send photos.
However, those perceptions are about to change. Yesterday, Gibson Security published a document that reveals two loopholes in Snapchat that could compromise the privacy of its users. One loophole allegedly allows hackers to harvest phone numbers in a target vicinity and match them to the corresponding Snapchat accounts. According to ZDNet:
“After having its security disclosure go ignored since August, Gibson Security has published Snapchat’s previously undocumented developer hooks (API) and code for two exploits that allow mass matching of phone numbers with names and mass creation of bogus accounts.
The Australian hackers announced its publication of Snapchat’s API and the two exploits on the GibSec Twitter account on Christmas Eve — which by time difference is Christmas Day in Australia.
Now anyone can build an exact clone of Snapchat’s API and stalk the popular app’s alleged 8 million users.”
As Forbes noted, the real point of publishing the document was not to point out bugs in the software (which all software usually has), but to show that Snapchat had the chance to fix this issue four months ago, when Gibson Security first notified the company. According to email correspondence, the issue could have been fixed “with ten lines of code.”
Gibson Security also claims in the document to have evidence that Snapchat has been lying to the press and investors in its marketing claims. According to ZDNet:
“The hackers say there is no way Snapchat’s claim to press and its investors to have a majority-female userbase can be true.
He explained that if Snapchat didn’t get that information from an analytics provider such as Nielsen, there is “no way they could obtain this information.”
What do you guys think of these claims in the release? Make some noise in the comments below!