Home Snapchat Flaws Reportedly Expose Phone Number, Account Information

Snapchat Flaws Reportedly Expose Phone Number, Account Information

If you use Snapchat, your ephemeral photo and video messages aren’t the only things that could disappear.

Gibson Security, a group of anonymous hackers whose website describes members as “poor students with no stable source of income,” just published what it claims is Snapchat’s API and details two exploits that could purportedly allow would-be hackers to access the phone number and username of millions of Snapchat users. If the revealed code is accurate, it would also let just about anyone build a Snapchat copycat.

The hackers alerted Snapchat of the exploits back in August, but the messaging startup failed to take action on the vulnerabilities. The company reversed-engineered both iOS and Android APIs to discover the security flaws.

While ReadWrite couldn’t confirm the documentation does, in fact, allow people to scrape Snapchat users’ phone numbers, the group claims it isn’t difficult to find exploitations in the application. If it’s true, it could be bad news for Snapchat, an app that has suffered privacy scrutiny in the past.

See Also: Snapchat To Users: Yes, Hackers Can Scrape Your Personal Data

The “Find_Friends” and “Bulk Registration” exploits allegedly allow a program to generate random phone numbers, and if one matches a Snapchat account, hackers could see usernames and display names of the account, as well as the privacy settings. Additionally, malicious coders might be able to use the exploits to create thousands of fake accounts.

“The use case where an evil party who wishes to stalk someone, the scraping for that could be done on a home computer in an afternoon with enough information,” a spokesperson for Gibson Security told ZDNet

This isn’t the first time Snapchat’s security flaws have been exposed. Earlier this year, a researcher at Decipher Forensics in Utah revealed that snaps aren’t actually deleted from your phone, just hidden. While they’re difficult to access once deleted, they’re still stored in the device’s memory. 

Snapchat Needs To Focus On Security

Not only did Gibson Security’s original security notifications go unanswered by Snapchat, but the security research firm told ZDNet that the problem could have been fixed “with ten lines of code.” 

The hackers also noted that Snapchat’s claim that the majority of users who use the service are women is false. Based on the documentation, it’s impossible to tell users’ gender.

So what does this all mean? Essentially, unknown parties could access the personal information you’ve trusted to Snapchat, and can presumably also create fake accounts with random phone numbers. Snapchat is notoriously tight-lipped as to how many users are actually on the service, though it does claim 400 million messages are received daily. 

If accurate, the newly exposed exploits from Gibson Security suggest that some, possibly even many, Snapchat accounts may well be spammers. We’ve reached out to Snapchat for comment and will update this post if we receive a response.

Update: Snapchat responded to Gibson Security’s allegations in a blog post on Friday. They confirmed it’s possible to scrape users’ information. 

Image via RyanNagelmann on Flickr

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.