A flaw in a Snapchat API could potentially allow retrieval of the telephone number associated with a user account, along with personal information.

Snapchat is best known among younger generations as a way to send very short-lived pictures of yourself to correspondents without worrying too much about seeing them linger forever on the web.

The service drew attention recently when its creators refused a $3 billion buyout offer from several large groups wishing to get their hands on what may be the next great idea in social networks.

Snapchat is not, however, free of flaws that may disclose personal information. A group has just stated that several flaws in an API potentially make it possible to retrieve the phone numbers of Snapchat users and link them to their user names, even when the accounts are private.

According to Gibson Security, the source of these findings, this data makes it possible to create Snapchat clones or to resell databases compiling personal data of the service's users from information gathered via several APIs.


This could serve as a basis for malicious people to spread scams, but also to locate account holders from their phone numbers. Snapchat was aware of these problems in August but does not seem to have responded, so Gibson Security has since issued a security alert, indicating that the issue could be corrected with a dozen lines of code, and widely publicized the existence of these problems in a communication released on Christmas Day, hoping to prompt a reaction from the publisher, which stands accused of negligence.

The group took the opportunity to point out that Snapchat's communication claiming the service is mostly used by women is misleading, because the publisher does not collect this information at the time of account creation.

Moreover, a person able to exploit the flaws in the API could well create numerous fake accounts, which may raise questions about the actual number of users of the service, an issue that comes up for most social networks.