Snap, the parent company of SnapChat, has revealed that an update earlier this year to the social media app accidentally exposed some of its source code.
Snap says that an update in May to the iOS edition of SnapChat accidentally exposed “a small amount” of its source code, and that the company was able to identify its blunder and rectify it immediately.
To SnapChat’s undoubted concern, some of the exposed code was posted online on GitHub by an unauthorised party – a fact which was highlighted by a Digital Millennium Copyright Act (DMCA) request for the leaked source code to be removed.
Part of the DMCA request reads as follows:
**Please provide a detailed description of the original copyrighted work that has allegedly been infringed. If possible, include a URL to where it is posted online.**
SNAPCHAT SOURCE CODE. IT WAS LEAKED AND A USER HAS PUT IT IN THIS GITHUB REPO. THERE IS NO URL TO POINT TO BECAUSE SNAP INC. DOESN’T PUBLISH IT PUBLICLY.
The code has now been removed from GitHub under DMCA, but that – of course – is no guarantee that it won’t continue to pop up on other parts of the internet, or that unknown parties have not archived the code for their own purposes.
Snap told Motherboard that the security breach did not compromise SnapChat and “had no impact on our community.”
According to a report on The Next Web, a Twitter account thought to belong to the person who posted the source code online suggests that it was only published on GitHub after attempts to contact SnapChat failed.
One imagines that if an unauthorised party had managed to access even some of SnapChat’s source code, that would suggest a serious security breach, and one that would be expected to be in contention for a sizeable reward if disclosed responsibly.
Publishing SnapChat’s source code is definitely not the best way to get the attention of the company, which has paid out almost a quarter of a million dollars in bug bounties via HackerOne in the past, and is said to typically respond to initial communications from researchers within 12 hours.
It is thought that SnapChat’s code may have been available on GitHub for over two months.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Graham Cluley. Read the original post at: https://hotforsecurity.bitdefender.com/blog/snapchats-source-code-leaked-out-and-was-published-on-github-20209.html