Snapchat Source Code Leaked Online, Potentially Exposing Company Secrets

Snap Inc. was forced to send a takedown request to a website used to host computer files after Snapchat source code was leaked online, potentially exposing company secrets.

Last Friday, the Microsoft-owned code repository GitHub received an urgent request. The sender had a simple complaint: someone had published code from what purported to be Snapchat’s iOS app. “We would appreciate you take down the whole thing,” he or she wrote. Source code, the basic component of an app’s design, is not typically made public.

“I am [redacted] at Snap Inc., owner of the leaked source code,” the complaint stated. The takedown request was filed under the Digital Millennium Copyright Act (DMCA), which is the main U.S. copyright law. The notice listed the description as “Snapchat source code.”

Pointing to a webpage hosting the seemingly stolen material, a further description read: “It was leaked, and a user has put it in this GitHub repository. Snap Inc. doesn’t publish it publicly.” The complaint listed a California contact address—the same as Snap Inc.’s corporate HQ.

It remains unclear exactly what data the source code contained. 

GitHub disabled access to the repository, which was previously titled “Source-SnapChat.” It was initially uploaded by a user with the name “i5xx” and Twitter handle @i5aaaald, experts said.

The discovery of the leaked source code was first reported by TorrentFreak. The publication linked “i5xx” to a location in Pakistan and a website offering modified or hacked software.

A scan of the @i5aaaald Twitter profile by Newsweek confirmed that the user had indeed made multiple references to Snapchat code in recent months, as some researchers suggested.

In May, @i5aaaald discussed application code from Snapchat. On August 4, the account directly addressed Snapchat’s support profile. “We tried to communicate with you but did not succeed,” i5aaaald said. “We decided [to] deploy source code [and] I will post it again until you reply.”

“It is plausible that the Snapchat app was shipped with source code, allowing @i5aaaald to browse the files with his jailbroken iPhone,” cybersecurity researcher x0rz told Newsweek.

“Considering the poor volume (21 thousand lines of code for a total of 2MB of uncompressed files) the whole code wasn't leaked,” x0rz continued, noting that it could also possibly be outdated. But whether up to date or not, there was little doubt that the code originated at Snap Inc.

“The code headers divulge a few authors that appear to be working for Snapchat,” x0rz said, explaining that LinkedIn profiles had been used to verify the app developers’ identities.

“Given this and the DMCA request, these files are indeed belonging to Snapchat.”

In a statement, a Snap Inc. spokesperson said: “An iOS update in May exposed a small amount of our source code and we were able to identify the mistake and rectify it immediately.

“We discovered that some of this code had been posted online and it has been subsequently removed. This did not compromise our application and had no impact on our community.”

The statement was first reported by Vice Motherboard.

This article was updated with comment from Snap Inc. 
