FYI.

This story is over 5 years old.

Tech

Snapchat Source Code Leaked and Posted to GitHub

Snap confirmed to Motherboard that an iOS update recently exposed some of the company’s source code.
Image: Shutterstock

GitHub is often the go-to place for hackers or researchers to archive interesting code or data dumps. But sometimes affected companies do their best to remove exposed data from the code repository site.

Earlier this year, Snap—the company behind social media network Snapchat—exposed some of the source code of the network’s iOS app, Snap confirmed to Motherboard on Tuesday. After someone archived that exposed code on GitHub, Snap told GitHub to remove the data with a copyright act request, Snap told Motherboard.

Advertisement

“An iOS update in May exposed a small amount of our source code and we were able to identify the mistake and rectify it immediately,” a Snap spokesperson told Motherboard in an email. “We discovered that some of this code had been posted online and it has been subsequently removed. This did not compromise our application and had no impact on our community.”

The independent security researcher known as x0rz tweeted about the takedown on Tuesday, pointing to a copy of the request itself.

“What would be the best solution for the alleged infringement? Are there specific changes the other person can make other than removal?” one section reads.

“NO, THIS SHOULD BE REMOVED BECAUSE IT IS ALL LEAKED SOURCE CODE,” the reply, from a Snap employee, reads.

Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

The takedown was enforced under the Digital Millennium Copyright Act (DMCA), a law businesses often use to protect their intellectual property. In February, Apple used a DMCA request to remove some of its own code from GitHub.

One of the GitHub repos previously hosting the Snapchat code now says “We have disabled public access to the repository.”

It appears some researchers are trading the data privately, however.

“Yeah I got it. DM me,” one Twitter user wrote on Tuesday.