Hackers may have just exposed entire database of Snapchat usernames
In the latest Snapchat security issue…
Any company that can afford to turn down $3 billion buyouts is having a very good year, and by most measures that matter for startups, disappearing-photo messaging service Snapchat is having a very good year. The “disappearing”-sharing app is picking up followers faster than a charismatic cult leader. What looked like it might be a novel digital toy for teens is now widely considered an ascendant social network—the next Facebook, the next Twitter, the next thing to make investors see dollar sign upon dollar sign.
But a company that hooks users in by offering a feeling of intimacy has a lot to lose if users decide it can’t be trusted—and it looks like Snapchat users have a new reason to worry.
Australian hacker team Gibson Security published functional code and developer hooks that let anyone infiltrate Snapchat after the messaging service ignored the hackers’ previous attempts to point out security breaches. In a foreword published on its website, the GibSec team justified their hack by noting it had been four months since they last pointed out security issues and that “nothing had been really improved upon.”
GibSec released what they call a “full disclosure.” This means that anyone can technically create a clone of Snapchat’s API now, which can be used to track the company’s user base. Which means Snapchat should listen up.
ZDNet’s Violet Blue corresponded with the GibSec team about their decision to publish. The team discovered two separate potentially exploitative scripts: the “Find Friends” exploit and the “Bulk Registration” exploit. For “Find Friends,” the hackers say they can take a list of script-generated phone numbers and obtain “the Snapchat username of anyone with a number in that range.” So, basically, you can find anyone’s Snapchat username based on their phone number. This can help spammers locate active accounts; it can also get lying cheating cheaters with secret Snapchat names in trouble.
The hackers say Snapchat has known about it for around four months—and their team (self-described as poor students with no stable income, scrounging for Bitcoin online) was able to unveil 10,000 phone numbers in seven minutes. GibSec estimates that it would take just 26.2 hours to crunch through all of Snapchat’s numbers. (That was assuming all the numbers were from the U.S., which they aren’t, so it would take longer… but still.)
The “Bulk Registration” exploit is a way to mass-register accounts, as the name suggests. It’s not quite as fecund a hack for malevolence as “Find Friends” but it underlines Snapchat’s lax attitude toward security; a platform of its size and popularity should have a better buffer. And it’s not a matter of these scripts being so complex they evade detection; GibSec told ZDNet they could’ve fixed these issues with 10 lines of code.
It might take some mediating to get past the whole “publishing all the code” thing, but Snapchat should probably just hire GibSec to pay attention to their security lapses, because no one seems to be doing it over there.
Kate Knibbs is a notable tech reporter and pop culture essayist. A former staff writer for the Daily Dot, her work has appeared in Gizmodo, the Ringer, AV Club, Digital Trends, Popular Mechanics, and Time.