Image sharing service Snapchat made a name for itself by letting users specify how long a recipient has before an image self-destructs, guaranteeing anonymity for personal pictures. As a result, a large number of Snapchat users have used the app and service to send more racy images, a practice known as sexting. However, Gibson Security experts discovered a known loophole in Snapchat's service that makes Snapchat not as secure as previously thought, and the exploit could be used to obtain the phone numbers and identities of Snapchat users without their knowledge or permission.
The researchers said they had reached out to Snapchat about the exploit some four months ago, but due to a lack of responsiveness from Snapchat, they are detailing their hack.
According to Business Insider, your sent images are still secure and hackers still cannot view unopened or opened snaps. Rather, Gibson says “what we disclosed allows you to obtain the phone number of any Snapchat user without their permission.”
So how does this affect Snapchat users?
Essentially, hackers could obtain Snapchat names, aliases, and phone numbers of any user of the service on the iOS or Android platform, and this could be used to create bogus accounts.
“With the now-published ‘Find Friends Exploit’ a malicious entity can use the Snapchat API to write an automated program that generates phone numbers to exhaustively search the Snapchat database for users,” ZDNet published. “This allows them to obtain a ‘1:1’ link between a person’s phone number and their Snapchat account.”
This could lead to users being stalked if whoever they are messaging could obtain their real phone numbers, negating the benefit of the anonymous service.
In addition to this hack, a third-party app called Snap-Hack Pro is also available on the iOS App Store that would allow users to save Snapchat images (images that were designed to be self-destructing) if they open the images with Snap-Hack Pro prior to viewing them in the Snapchat app.
The worst part is that Gibson researchers say that this could have been patched with just ten lines of code. The researchers say that because Snapchat has been unresponsive to their inquiries on the exploit found in the service, they are releasing details on how to perform the hack in an effort to get Snapchat to patch its service to make it more secure.
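On the server side, the exhaustive search described in the ZDNet quote shows up as a single account looking up an unusually large number of distinct phone numbers in a short time. The following is an added example of that detection, not code from Snapchat or Gibson Security; the log layout, account names, window and threshold are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample of find-friends lookups: (epoch seconds, account, number queried).
# The layout, account names and 555-01xx numbers are assumptions for this example.
SAMPLE_LOG = (
    # one account sweeping sequential numbers, five lookups per second
    [(1000 + i // 5, "acct_bulk", f"+1555010{i:04d}") for i in range(300)]
    # one account doing an ordinary address-book sync
    + [(1000 + 40 * i, "acct_normal", f"+1555019{i:04d}") for i in range(12)]
)

WINDOW_SECONDS = 60   # assumed sliding window
MAX_DISTINCT = 100    # assumed ceiling on distinct numbers per account per window


def find_enumerators(events, window=WINDOW_SECONDS, limit=MAX_DISTINCT):
    """Return {account: peak distinct numbers in any window} for accounts over the limit."""
    recent = defaultdict(deque)                      # account -> (ts, number) in window
    counts = defaultdict(lambda: defaultdict(int))   # account -> number -> hits in window
    flagged = {}
    for ts, account, number in sorted(events):
        q, c = recent[account], counts[account]
        q.append((ts, number))
        c[number] += 1
        # Drop lookups that have aged out of the window.
        while q and q[0][0] <= ts - window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        # Distinct numbers matter, not request volume: retrying one number is not a sweep.
        if len(c) > limit:
            flagged[account] = max(flagged.get(account, 0), len(c))
    return flagged


if __name__ == "__main__":
    for account, peak in find_enumerators(SAMPLE_LOG).items():
        print(f"{account}: {peak} distinct numbers within {WINDOW_SECONDS}s")
```

The same per-account counter can back a rate limit on the lookup endpoint instead of an after-the-fact alert.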