A hacker published the code, allegedly belonging to the Snapchat app for iOS
Enterprise network security specialists from the International Institute of Cyber Security report that the source code of the popular social network app Snapchat recently appeared online after a hacker leaked it and published it on GitHub, the Microsoft-owned code repository.
A GitHub account under the name of Khaled Alshehri with the identifier i5xx, who claimed to be from Pakistan, created a GitHub repository called “Source-Snapchat”, describing it as “Source Code for Snapchat”, in which he published the code of what was supposed to be the Snapchat app for iOS.
According to enterprise network security experts, the code would have the potential to expose the company’s extremely confidential information, such as the complete design of the messaging app, how the application works, and what functions are planned in upcoming updates.
Snapchat’s parent company, Snap Inc., responded to the leak by submitting a copyright request under the Digital Millennium Copyright Act (DMCA), which helped remove the online repository that hosted the app’s source code.
While it is not clear exactly what confidential information the leaked Snapchat source code contained, the company’s panic may be noted in its DMCA request, suggesting that the code published in the i5xx repository was, indeed, the source code of the Snapchat app.
When asked for a detailed description of the copyrighted work allegedly infringed, the Snapchat employee responsible for handling the DMCA request stated that “it is the Snapchat source code, which was leaked and a user has published it in his GitHub repository. We would appreciate the taking down of the post”.
Snap Inc. commented to the media that, as a result of an iOS update implemented in May, a “small amount” of its source code for iOS was exposed. However, Snap Inc. confirmed that the code was subsequently deleted and that the event did not compromise its app and had no impact on users.
Hackers threaten to publish the code again
It seems that the user behind the leak created the GitHub account for the sole purpose of sharing the source code, since nothing else was published in the account before or after the source code was leaked.
What’s more, enterprise network security specialists report that a series of tweets from at least two people (from Pakistan and France) who seem to be behind the i5xx account suggests that they tried to contact Snapchat to get a bounty for flaw reporting. But, after not getting any response from the company, the users threatened to re-upload the source code until Snapchat contacted them.
The Snapchat source code was removed from the repository after the DMCA request reached GitHub, and will not be restored unless the original publisher presents a legal counterclaim that proves he owns the source code. However, this does not ultimately solve the problem. Since the Snapchat source code is still in the hands of external people, they could re-publish it in other online forums, or they could use it to try to get some benefit.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.