MacNN Forums (
-   Tech News (
-   -   Researcher: Snapchat API exploits enable user data collection (

NewsPoster Dec 26, 2013 09:18 PM
Researcher: Snapchat API exploits enable user data collection
An unpatched code flaw in <a href="" rel='nofollow'>Snapchat</a>'s API is allowing rogue coders to generate a script to associate actual phone numbers with Snapchat user names, display names, and account privacy settings. This information, combined with other data breaches can be sold, as well as pose a significant amount of data on a Snapchat user that has been identified in such a matter.<br />
<br />
Snapchat is a service which allows users to exchange videos or messages that Snapchat deletes after ten seconds after they are opened. The exploit doesn't change this fact, but does give API script users implementing the undocumented hooks more access to personal information about the senders. Gibson Security claims that the hooks are easily removable from the API, and can be deleted with little effect to the rest of the API.<br />
<br />
Researchers at <a href="" rel='nofollow'>Gibson Security</a> published the undocumented hooks in the Snapchat API, after being ignored by Snapchat since August. Gibson Security told <a href="" rel='nofollow'>ZDnet</a> in an email that a coded script harvesting user data could "automatically build profiles about users, which could be sold for a lot of money."
All times are GMT -4. The time now is 12:22 AM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2016, vBulletin Solutions, Inc.

Content Relevant URLs by vBSEO 3.3.2