Source code for what is believed to be a small part of Snapchat’s iOS application was posted on GitHub after being leaked back in May. After being notified, Snap Inc., Snapchat’s parent company, immediately filed a DMCA request to GitHub to get the code removed.
A copy of the request was found by a ‘security researcher’ tweeting from the handle @x0rz, who shared a link to a copy of the request on GitHub:
Snapchat source code leaked? Apparently yes https://t.co/A58TZ28FEK (Snap Inc. DMCA request to GitHub)
Does anyone have a mirror of the (now deleted) repository? hxxps://github[.]com/i5xx/Source-SnapChat/ #snapchat #leaked
— x0rz (@x0rz) August 7, 2018
You can read the DMCA request in full here.
The initial leak back in May was caused by an update to the Snapchat iOS application. A spokesperson for Snap Inc. explained to CNET:
“An iOS update in May exposed a small amount of our source code and we were able to identify the mistake and rectify it immediately… We discovered that some of this code had been posted online and it has been subsequently removed. This did not compromise our application and had no impact on our community.”
This code was then published by a someone using the name Khaled Alshehri, believed to be based in Pakistan, on GitHub. The repository created – called Source-SnapChat – has now been taken down.
A number of posts linked to the GitHub account suggests that the leaker had tried to contact Snapchat but had been ignored. “I will post it again until I get a reply” they said.
The problem we tried to communicate with you but did not succeed
In that we decided
Deploy source code
I will post it again until you reply 🙂 @snapchatsupport @Snapchat https://t.co/aB58eOjGLE
— خالد الشهري #الاسطورة (@i5aaaald) August 4, 2018
Leaked Snapchat code is still being traded privately
Although GitHub has taken the repo down, it’s not hard to find people claiming they have a copy of the code that they’re willing to trade:
yeah i got it. DM me.
— Luca #OrkSec (@iSn0we) August 7, 2018
Now the code is out in the wild it will take more than a DMCA request to get things under control. Although it would appear the leaked code isn’t substantial enough to give much away to potential cybercriminals, it’s likely that Snapchat is now working hard to make the changes required to tighten its security.
Snapchat is losing users – but revenue is up
15 year old uncovers Snapchat’s secret visual search function