[BreachExchange] Snapchat source Code leaked after an iOS update exposed it

Destry Winant destry at riskbasedsecurity.com
Wed Aug 8 22:58:21 EDT 2018


https://securityaffairs.co/wordpress/75181/breaking-news/snapchat-source-code-leak.html

Hackers leaked the Snapchat source code on GitHub, after they
attempted to contact the company for a reward.

Hackers gained access to the source code of the frontend of the
Snapchat instant messaging app for iOS and leaked it on GitHub.

A GitHub account associated with a person named Khaled Alshehri, who
claimed to be from Pakistan and goes online with the handle i5xx,
created the GitHub repository titled Source-Snapchat.

After being notified, Snap Inc. confirmed the authenticity of the
source code and asked GitHub to remove it by filing a DMCA (Digital
Millennium Copyright Act) request.

“Please provide a detailed description of the original copyrighted
work that has allegedly been infringed. If possible, include a URL to
where it is posted online.”

“SNAPCHAT SOURCE CODE. IT WAS LEAKED AND A USER HAS PUT IT IN THIS
GITHUB REPO. THERE IS NO URL TO POINT TO BECAUSE SNAP INC. DOESN’T
PUBLISH IT PUBLICLY.” reads the reply of the company to a question
included in the DMCA request.

According to Snapchat, the source code was leaked after an iOS update
made in May that exposed a “small amount” of the app source code. The
problem was solved and Snap Inc. gave assurances that the data leak
has no impact on Snapchat users.

The hackers who leaked the source code are threatening to release new
parts of the leaked code until Snap Inc. replies. They are likely
blackmailing the company.

Two members of the group who leaked the Snapchat source code have been
posting messages written in Arabic and English on Twitter.

The two hackers are allegedly based in Pakistan and France; they were
expecting a bug bounty reward from the company, without success.

At the time of writing, two other forks containing the source code are
still present on GitHub; it seems that the code was published just
after the iOS update.

Snapchat currently runs an official bug bounty program through
HackerOne and has already paid several rewards for critical
vulnerabilities in its app.

