Hacker group publishes Snapchat API and exploits that allow users to be identified

BY Kelly Hodgkins

Published 28 Dec 2013

snapchat-logo2

Snapchat is likely not having a happy holiday after its API was published by a hacker group, according to report by ZDNet. The group also detailed exploits that compromises your anonymity on the messaging service.An Australian hacking group, known by the name Gibson Security, published the details on the hack earlier this week. The group released the previously undocumented API and the code for two exploits (“Bulk Registration” and “Find Friends”) that allow for the bulk creation of bogus accounts and the mass matching of phone numbers, display names, user names, and account privacy level.

Gibson Security told ZDNet that these exploits could be used to “automatically build profiles about users, which could be sold for a lot of money.” It could also be used to create a Snapchat clone that could stalk the service’s 8 million users.

Gibson Security claims it contacted Snapchat with evidence of these exploits in August of this year and was ignored by the company. Tired and frustrated with waiting, the hacker group released its discovery.

“After getting no response from Snapchat during that time, we decided to release on Christmas day. We also saw Evan Spiegel’s company send unlawful take down notices to open source Snapchat clients, as well as disregard a major flaw of his app, how easily snaps are decrypted.”

Gibson Security claims the exploits could be closed with ten lines of code.