Snapchat source Code leaked after an iOS update exposed it
9.8.18 securityaffairs Social
Hackers leaked the Snapchat source code on GitHub, after they attempted to contact the company for a reward.
Hackers gained access to the source code of the frontend of Snapchat instant messaging app for iOS and leaked it on GitHub.
A GitHub account associated with a person with the name Khaled Alshehri who claimed to be from Pakistan and goes online with the handle i5xx created the GitHub repository titled Source-Snapchat.
After being notified, Snap Inc., has confirmed the authenticity of the source core and asked GitHub to remove it by filing a DMCA (Digital Millennium Copyright Act) request.
“Please provide a detailed description of the original copyrighted work that has allegedly been infringed. If possible, include a URL to where it is posted online.**”
“SNAPCHAT SOURCE CODE. IT WAS LEAKED AND A USER HAS PUT IT IN THIS GITHUB REPO. THERE IS NO URL TO POINT TO BECAUSE SNAP INC. DOESN’T PUBLISH IT PUBLICLY.” reads the reply of the company to a question included in the DMCA request.
According to Snapchat, the source code was leaked after an iOS update made in May that exposed a “small amount” of the app source code. The problem was solved and Snap Inc ensured that the data leak has no impact on the Snapchat users.
The hackers who leaked the source code are threatening the company of releasing new parts of the leaked code until the Snap Inc will not reply. Likely they are blackmailing the company.SnapChat source code
Two members of the group who leaked the Snapchat source code have been posting messages written in Arabic and English on Twitter.
The two hackers are allegedly based in Pakistan and France, they were expecting a bug bounty reward from the company without success.
At the time of writing two other forks containing the source code are still present on GitHub, it seems that the code was published just after the iOS update.
Snapchat currently run an official bug bounty program through HackerOne and has already paid several rewards for critical vulnerabilities in its app.