Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Snapchat Source Code Leaked

iOS Update Led to Snapchat Source Code Leak

Hackers obtained some source code for the popular messaging application Snapchat and made it public on GitHub, claiming that they were ignored by the app’s developer.

iOS Update Led to Snapchat Source Code Leak

Hackers obtained some source code for the popular messaging application Snapchat and made it public on GitHub, claiming that they were ignored by the app’s developer.

The source code appears to be for the frontend of Snapchat for iOS. The company behind Snapchat, Snap Inc., has confirmed that the code is genuine by getting GitHub to remove it using a DMCA (Digital Millennium Copyright Act) request.

When users file a DMCA request with GitHub, they are instructed to provide a detailed description of the original copyrighted work that has allegedly been infringed. In this section, a Snap representative wrote, “Snapchat source code. It was leaked and a user has put it in this GitHub repo. There is no URL to point to because Snap Inc. doesn’t publish it publicly.”

Snapchat code leaked to GitHub

Snapchat told several news websites that the leak is a result of an iOS update made in May that exposed a “small amount” of its source code. The issue has been addressed and the company says the incident has not compromised its application and had no impact on the Snapchat community.

Messages posted on Twitter by the individuals who appear to be behind the source code leak suggest that they are expecting some sort of “reward” from Snapchat. It’s not uncommon for researchers who find vulnerabilities to quarrel with vendors over the impact or severity of a bug. However, Snapchat appears to be the target of an extortion attempt considering that the hackers say they will continue posting the code.

At least two individuals, allegedly based in Pakistan and France, appear to be involved in the incident. They have been posting messages written in Arabic and English on Twitter.

Snapchat hacker

While Snap says the code posted online has been removed, at least two forks (i.e. copies) exist on GitHub and they suggest that the code has been online since May 24. A few hours before this article was published, the original hackers also re-uploaded the code to GitHub.

Advertisement. Scroll to continue reading.

Snapchat does have an official bug bounty program powered by HackerOne and the company has been known to award significant rewards for critical vulnerabilities. Last year, two researchers earned a total of $20,000 for finding exposed Jenkins instances that allowed arbitrary code execution and provided access to sensitive data.

Related: Snapchat Employee Falls for Phishing Attack

Related: Source Code of iOS Security Component iBoot Posted on GitHub

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...