Snapchat Exploits Revealed: Phone Number, Name Matching and Cloned Accounts

Researchers revealed that users’ information is greatly at risk in the popular photo-sharing app Snapchat.

According to a report from ZDNet, Gibson Security warned Snapchat of its security vulnerability back in August, but the warning went ignored. The researchers told the company about two exploits they had discovered: phone number and name matching, and cloning of accounts.

Four months later, after numerous mobile app updates that did not include fixes for the exploits, the research company published a follow-up report reminding Snapchat that it is highly vulnerable to cyber attacks and that users’ phone numbers can be stolen.

“Given that it’s been around four months since our last Snapchat release, we figured we’d do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them),” the researchers told Business Insider.

“We [hope] that Snapchat audits their code and improves how security and bugs are handled in the company,” they added.

Gibson Security told ZDNet through e-mail that the metadata could be used in combination with other APIs to “automatically build profiles about users, which could be sold for a lot of money.”

As explained by the security firm, the mass registration exploit can be used to make several clone accounts, which could then be used to speed up matching phone numbers and names.

Snapchat gained its popularity through its 10-second viewing rule, under which sent images are automatically deleted 10 seconds after the message is opened. Since it is less risky than usual, many users send improper or even indecent images of themselves to others.

However, last January, another security weakness of the app was revealed. It was made known that, through an app called Snap-Hack Pro for Snapchat, which could be downloaded from the iTunes App Store, users could find Snapchat videos in a file browser while the smartphone was connected to a personal computer or Mac.
