It looks like there is an exploit in the Snapchat API: more specifically, an unpatched code flaw that allows rogue coders to write a script that associates real phone numbers with Snapchat user names, display names, and account privacy settings.
This is not a great situation, since this information, combined with data from other breaches, can be sold, and it poses a significant threat to any Snapchat user identified in this way. If you aren’t familiar with Snapchat, it is a service that allows users to exchange videos or messages that Snapchat deletes ten seconds after they are opened. The exploit doesn’t affect this function, of course, but it does give API script users who implement the undocumented hooks more access to personal information about the senders.
According to Gibson Security, the hooks are easily removable from the API and can be deleted with little effect on the rest of the API. After being ignored by Snapchat since August, researchers at Gibson Security published the undocumented hooks in the Snapchat API. As Gibson Security points out to ZDNet in an email, a coded script harvesting user data could “automatically build profiles about users, which could be sold for a lot of money.” Hopefully they fix it quickly.