Posted on 01-08-2014
There are opposing views of what's happened, but apparently the group contacted Snapchat in August 2013 letting them know of a potential vulnerability in their API, in which Snapchat claims they responded by instituting rate limiting to address the problem.
Apparently the actual vulnerability wasn't addressed, and in December the group mapped the private API, the company uses for their mobile app. They don't officially have an API, but like most mobile applications, it is right beneath the surface.
After mapping the interface the group proceeded to suck all the data, organized and publish as SnapchatDB, in an effort to raise awareness of the issue and point out that Snapchat was to slow in responding to the exploit.
Regardless of the exact facts, it is clear that Snapchat was lax on security. API rate limiting and other common security measures are pretty common place. API providers like 3Scale have been around for years delivering plug and play infrastructure to help you deal with this. There is no reason to be caught with your pants down.
It doesn't matter whether your API is public, private or just for partners, you need to have your security practices tight. You owe it to your users and developers.
Disclosure: 3Scale is an API Evangelist partner.
comments powered by Disqus
Winning in the API Economy
|Download as PDF|
Latest Blog Posts
- If We Cannot Keep the Pipes Transparent And Accessible We Are Screwed
- Taking A Look At The API Licensing Stack
- Machine Readable Terms Of Service Didnt Read Applied To Apis Via Apisjson
- Hipster Coffee Shop Interface
- Separating The Layers Of The API Operations Onion While Thinking About API Copyright
- Implementation Of An API Design Should Never Require Permission From The API Designer
- What Would API Copyright Have Done To The Birth Of Cloud Computing
- The Machine Readable Questions We Should Ask Of Terms Of Service
- Retrieve My Data Like Retrieving Video Surveillance Photos From CCTV
- Restaurant Menus As Analogy For API Copyright