App giant, Snapchat, appears to have ignored warnings about a security issue resulting from a loophole in its coding and application programming interface (API) that could allow for the hacking of user’s information, according to the online security firm, Gibson Security.
Gibson claims to have notified Snapchat of the potential issue back in August, but Snapchat apparently chose not to act. Now the frustrated Gibson researchers have published the API and code for “two exploits” that could allow hackers to match phone numbers with names of users and also to create legions of fake Snapchat accounts. They explained that the problem could have been fixed earlier with just ten lines of code, but that Snapchat ignored their warnings and they felt they had to act.
Gibson cautions that both scams and stalking are possible as a result of the security issue ignored by Snapchat. Hackers could use phone numbers that they amass to uncover the actual identities of users as well as their general locations. They could even use the information gathered to create a profit-making database wherein Snapchat users’ phone numbers and social media profiles could be purchased by anyone providing only the individual’s Snapchat username.
No misuse of information gathered as a result of Snapchat’s security loophole has been reported yet, but now that the capability has been widely revealed, some feel that it is only a matter of time.
Others posit that it is not quite as easy to stalk and scam Snapchat users with this method as Gibson may have you think. In order to actually match phone numbers with user names, a hacker would have to take a list of every phone number in the United States and cross-check it against all of the users’ number gathered from Snapchat, an exacting and time-consuming process.
Gibson Security explains, though, that a cross check of all U.S. numbers could be completed in about 27 hours, and if an area code is provided with the Snapchat user’s number, the process could be even faster. While 27 hours may seem like a long time, Gibson researchers seem to feel that the time might be worth it for someone who thinks they can amass the data to be used for profit as described above or through scamming.
Snapchat claims to have over eight million users and is known as a widely popular app for both Android and iOS users, with younger users make up a large portion of its clientele.
This isn’t the app’s first foray into controversy though. Snapchat has gained a reputation for being a preferred platform for sexting among younger users due to the “temporary” nature of its photos, messages and video clips. Media sent via Snapchat “disappears” in less than ten seconds after viewing.
Snapchat sexting made headlines in November, when just days after the company reportedly turned down a $3 billion buyout offer from Facebook, three teenage boys in Montreal were arrested for allegedly distributing pictures of two 13 and 15-year-old girls with whom they were acquainted. While the girls were under the impression that the messages would disappear within a few seconds of being viewed, the boys found a way around the vanishing feature by reportedly taking screenshots of the pictures before they disappeared.
There has been speculation that Snapchat’s reputation as a tool for sexting could impact its value to investors negatively. Now that Snapchat is experiencing another scandal, having apparently ignored security warnings that could make users vulnerable to hacking, there could be similar speculation about the company’s value again.
By Michele Wessel