A botched iOS app update has seen Snapchat’s source code uploaded to file sharing website GitHub, briefly leaving it open for anyone to download. Luckily, parent company Snap managed to get the leak removed thanks to a takedown request.
The source code was uploaded to GitHub under a free account, the kind typically used to host open-source projects, as opposed to paid private repositories. Although no malicious intent has been identified, it has been confirmed that some researchers were able to download the code before Snap had it removed under the Digital Millennium Copyright Act (DMCA).
“An iOS update in May exposed a small amount of our source code and we were able to identify the mistake and rectify it immediately,” a spokesperson for Snap explained to Motherboard in an email. “We discovered that some of this code had been posted online and it has been subsequently removed. This did not compromise our application and had no impact on our community.”
Access to the source code of any application can result in reverse engineering, allowing rivals to create strong competitors based on the app's design, or to manipulate the original app into doing things it wasn’t intended to do. Fortunately, an independent security researcher known as x0rz tweeted about the takedown request as it happened on Tuesday, stating that when unzipped it “clearly isn’t the full source code” given its small 2MB size.
It’s not clear just how much damage the snippet of source code could do in the hands of the wrong people, but users are still trading the data privately, meaning it’s entirely possible we could find out in the coming months.
KitGuru Says: This isn’t great news for GitHub and by extension Microsoft, which is currently in the middle of acquiring the repository site. Luckily, it looks like things were handled in a swift manner despite people getting their hands on the sensitive data.