A group of young Australian hackers called Gibson Security posted information on Christmas Eve exploiting loopholes in Snapchat‘s security that “allows mass matching of phone numbers with names and mass creation of bogus accounts,” reports ZDNet.
According to ZDNet, Gibson published the codes because they had warned Snapchat of the vulnerability last August, but were ignored by the $2 billion company.
The loopholes are accessed by reverse-engineering Snapchat’s API, or re-writing a script of code.
But the security glitches are just the start of Gibson’s Snapchat revelations.
First off, Gibson claims Snapchat could have closed the loopholes by writing just 10 more lines of code. They also said that Snapchat, along with its investors, lied to the press not too long ago when they said that 70% of its users are female because there is no way such statistics could be obtained.
Gibson’s security exploits state that a 1:1 link can be established between a person’s phone number and Snapchat account.
The hackers told ZDNet that the first loophole, called the “find friends exploit,” generates phone numbers and then obtains the Snapchat usernames of any phone number that matches the record of a Snapchat user.
“People could operate a service similar to ssndob.cc, where you could pay a few dollars and obtain the phone number and social media profiles of a person, just by their username.
“[Snapchat could have fixed this] by adding rate limiting; Snapchat can limit the speed someone can do this, but until they rewrite the feature, they’re vulnerable. They’ve had four months, if they can’t rewrite ten lines of code in that time they should fire their development team. This exploit wouldn’t have appeared if they followed best practices and focused on security (which they should be, considering the use cases of the app).”
The most significant finding here seems to be that it is incredibly easy to register a false Snapchat account and access the phone numbers of virtually any user, even if the account is private.
It is therefore impossible to determine what percentage of Snapchat accounts are actually valid.