Earlier this week, the hacker group Gibson Security published what it claimed was Snapchat’s API, and revealed two security exploits that could allow hackers to scrape phone number and personal data from Snapchat. Turns out, it appears to be accurate.
Snapchat confirmed that the group had posted documentation for its private API and responded to the scraping claim this way:
If someone were able upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do.
Snapchat’s admission was vague, though it suggested that the company isn’t terribly concerned about potential privacy violations. The company said it continues to implement countermeasures to limit spam and abuse.