Health Care In America
Featured Series: Health Care In America
Millions of people enrolled in President Barack Obama's signature Affordable Care Act. But the future of that health care legislation is unclear as we head into a new presidency.

Snapchat Exploits Could Match Users' Names And Phone Numbers

Two Snapchat exploits and the app's API were published Tuesday. The exploits allow hackers to match names to phone numbers and create fake accounts.
SMS
Snapchat Exploits Could Match Users' Names And Phone Numbers

​Snapchat users, we have some potentially bad news. And it's not going away in six seconds.

According to Gibson Security, two security holes in Snapchat's API allow for the mass matching of names to phone numbers and the rapid creation of fake accounts.

The Australian hacker group says it's known about the exploits for months, citing this release from August. But it reports, as of now, Snapchat hasn't done anything to fix them. So Gibson Security published Snapchat's API and the two hacks on Tuesday.

ZDNet reports the code Gibson published is fully functional. And that's worrying for the app's estimated 8 million users because, as Ars Technica writes,​ "Users of the exploit could take that data and resell it for cash, as well as scam or stalk the Snapchat accounts they've identified."

How exactly the hacks work is pretty complicated.

The "Find Friends" exploit is what someone could use to identify users. It can reportedly match names and numbers, even if the account is private. (Via Apple / Snapchat)

 And it's fast. According to Gibson's calculations, "We can assume that it would take approximately 20 hours for one $10 virtual server to eat through and find every user's phone number." The "Bulk Registration" exploit reportedly allows for account creation. 

This, as Gibson notes, could rapidly create thousands of accounts, which could then spam Snapchat users. (Via Snapchat)

This could all be fixed, according to the hackers. And it would only take 10 lines of code. Gibson tells ZDNet:​ "Snapchat can limit the speed someone can do this, but until they rewrite the feature, they're vulnerable. They've had four months, if they can't rewrite ten lines of code in that time they should fire their development team."

That team has maybe been more focused on its freshly updated app. Now users can add filters and "replay" one snap every 24 hours. (Via Mashable)

Snapchat hasn't responded to any requests for comment on these exploits or even acknowledged whether they exist.

Featured Stories
Russian opposition figure Alexei Navalny

Russian Opposition Figure Arrested During Anti-Corruption Protests

A police officer watched trains arrive at a station in Washington, D.C.

D.C. Is Devoting More Resources To Its Missing Children

Scene outside Cameo nightclub after shooting

Suspects On The Loose After Nightclub Shooting Injures 15, Kills 1