Since August, Gibson Security has been trying to warn Snapchat about an exploit that could match the usernames of Snapchat users with their phone numbers. This hack could really hurt the company. Despite this, Snapchat did nothing, so on Christmas Eve, Gibson Security sent out a tweet containing Snapchat’s API and a pair of exploits for the site.
This essentially allows anyone to copy the API and go after the app’s 8 million users. Gibson says that the metadata can be used with other APIs to “automatically build profiles about users, which could be sold for a lot of money.”
They really should have acknowledged this and fixed it for all to see. With the Find Friends exploit, one could take phone numbers and match them up with Snapchat usernames. The Bulk Registration exploit lets someone bombard the site with new registrations. According to Gibson, both were known to Snapchat for four months and could have been closed with just ten lines of code. Aside from this, Gibson also says that Snapchat is not telling the truth when it claims that its users are 70% female. So there is that as well.
Now Snapchat has released a statement saying that it has added safeguards and barriers over the years to prevent an exploit like Find Friends from working. Well, this is not good news for Snapchat. I hope they don’t get hacked because of this and lose their company value.
Source: Phone Arena