Gibson Security’s exploits behind 4.6m Snapchat user exposé
The perils of failing to heed warnings from mobile security experts have been brought home to Snapchat – the popular photo-sharing service. An Australian-based operation, Gibson Security, published details of Snapchat’s private API on December 24th. According to reports on the BBC, a hacker group calling itself SnapchatDB promptly published 4.6 million names and phone numbers with the last two digits obscured to prove the point. The group told TechCrunch here, “We used a modified version of gibsonsec’s exploit/method.” When GoMo News saw Gibson Security’s press release here, we realised that fears that Snapchat was on the verge of introducing advertising could have motivated the revelations.
Gibson Security said that it had, “released information found in the Snapchat application that hints heavily at a new feature for native advertising.”
This information was taken from a recent update to the Snapchat code.
The company continued, “The updated Snapchat application … was discovered to show a persistent notification that would only hide when a displayed URL was opened (by double clicking) in the user’s native browser.”
This had led Gibson Security to believe it would be used for advertising, and the group claimed that Snapchat CEO Evan Spiegel had recently been hinting that the company might introduce ads to generate revenue.
It seems that Snapchat was aware of the danger. In a recent blog here, it said, “We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
Obviously, those measures were insufficient.
The attack is significant because recent research by OnDevice, which we published here, showed that OTT services were overtaking Facebook.
As we said, “The research by OnDevice also found that Snapchat’s largest source of users are 16 to 24-year-olds in the USA.”
“That’s the same group which other research has suggested is leaving Facebook.”
Anyway, GoMo News is sure that Snapchat will plug the leak quickly. If you want to try Snapchat you can download it for free from Google Play here.
Incidentally, Gibson Security describes itself as, “a computer security group with interests in mobile application reverse engineering.”
* UPDATE: Snapchat revealed as being the 6th most downloaded app on the iTunes App Store in 2013 here.