Exploits of Snapchat’s API allow for a script to associate phone numbers with Snapchat users’ display names, user names, and account privacy level, according to a report from ZDNet citing a collective called Gibson Security. Users of the exploit could take that data and resell it for cash, as well as scam or stalk the Snapchat accounts they’ve identified.
Gibson Security claims it’s known about this exploit, as well as one that would let a hacker bulk-register thousands of accounts on the service, since August. Snapchat failed to acknowledge Gibson Security’s attempts to contact it about these exploits, Gibson Security writes, so it published the API and exploits on Tuesday.
The phone numbers and names can be connected even if the Snapchat user’s account is set to private. The information could be scraped together into a database like that of ssndob.cc, according to ZDNet, which allows site-goers to “pay a few dollars and obtain the phone number and social media profiles of a person, just by their username.”