Posted on 01-08-2014
There are opposing views of what happened, but apparently the group contacted Snapchat in August 2013 to let them know of a potential vulnerability in their API. Snapchat says it responded by instituting rate limiting to address the problem.
Apparently the underlying vulnerability was not addressed, and in December the group mapped the private API the company uses for its mobile app. Snapchat does not officially have an API, but, as with most mobile applications, one sits right beneath the surface.
After mapping the interface, the group pulled all of the data, organized it and published it as SnapchatDB, in an effort to raise awareness of the issue and point out that Snapchat was too slow in responding to the vulnerability.
Regardless of the exact facts, it is clear that Snapchat was lax on security. API rate limiting and other common security measures are commonplace, and rate limiting on its own only slows a bulk data exposure down; it does not remove it, which is why treating it as the fix leaves the underlying problem in place. API providers like 3Scale have been around for years delivering plug-and-play infrastructure to help you deal with this. There is no reason to be caught with your pants down.
It doesn't matter whether your API is public, private, or just for partners: you need to keep your security practices tight. You owe it to your users and developers.
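To make the point concrete, here is an added example (mine, not code from the original post and not Snapchat's API or 3Scale's product): a per-key token-bucket rate limiter placed in front of a hypothetical bulk "phone number to username" lookup endpoint, with a simulated client sweeping a number range. The directory contents, the endpoint shape, the `MAX_BATCH` cap and the "discoverable by phone" flag are all assumptions made for the illustration. The sweep shows that the limiter only stretches the enumeration over time, while the hardened handler shrinks what the endpoint will disclose at all.

```python
"""Added example: rate limiting slows a bulk lookup, fixing the endpoint removes the exposure.
Not from the original post; directory data, endpoint and caps are constructed for illustration."""

from collections import defaultdict


class TokenBucket:
    """Per-key token bucket: refills `rate` tokens per second up to `burst`, one token per request."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate
        self.burst = burst
        self._tokens = defaultdict(lambda: float(burst))  # new keys start with a full bucket
        self._last = {}  # key -> timestamp of last refill

    def allow(self, key: str, now: float) -> bool:
        last = self._last.get(key, now)
        self._tokens[key] = min(self.burst, self._tokens[key] + (now - last) * self.rate)
        self._last[key] = now
        if self._tokens[key] >= 1.0:
            self._tokens[key] -= 1.0
            return True
        return False


# Constructed sample directory: phone number -> (username, opted into discovery by phone number)
DIRECTORY = {
    "+15550100": ("alice", True),
    "+15550107": ("bob", False),
    "+15550142": ("carol", True),
    "+15550199": ("dave", False),
}
MAX_BATCH = 100  # assumed per-request cap for the hardened handler


def lookup_weak(numbers, api_key, limiter, now):
    """Rate limited but otherwise unchanged: every number in the directory is answered.
    Returns None when the caller is rate limited."""
    if not limiter.allow(api_key, now):
        return None
    return {n: DIRECTORY[n][0] for n in numbers if n in DIRECTORY}


def lookup_hardened(numbers, api_key, limiter, now):
    """Same limiter, smaller exposure: caps the batch size and only answers for users
    who opted into being found by phone number."""
    if len(numbers) > MAX_BATCH:
        raise ValueError("batch too large")
    if not limiter.allow(api_key, now):
        return None
    return {n: DIRECTORY[n][0] for n in numbers if n in DIRECTORY and DIRECTORY[n][1]}


def sweep(handler, prefix, span, batch, rate, burst, api_key="attacker"):
    """Simulate one client enumerating `span` consecutive numbers behind `prefix` through `handler`,
    using a simulated clock. Returns (matches found, simulated seconds elapsed, requests sent)."""
    limiter = TokenBucket(rate, burst)
    candidates = [f"{prefix}{i:04d}" for i in range(span)]
    found, now, sent = {}, 0.0, 0
    for i in range(0, len(candidates), batch):
        chunk = candidates[i:i + batch]
        while True:
            result = handler(chunk, api_key, limiter, now)
            sent += 1
            if result is not None:
                break
            now += 1.0 / rate  # wait until one token has refilled, then retry
        found.update(result)
    return found, now, sent


if __name__ == "__main__":
    # 200 numbers, 10 per request, limiter at 1 request/second with a burst of 5
    for name, handler in (("weak", lookup_weak), ("hardened", lookup_hardened)):
        found, elapsed, sent = sweep(handler, "+1555", 200, 10, rate=1.0, burst=5)
        print(f"{name}: {len(found)} users disclosed in {elapsed:.0f}s over {sent} requests -> {found}")
```

With the limiter at one request per second and a burst of five, the weak endpoint still gives up all four users; the sweep just takes 15 simulated seconds and 35 requests instead of finishing instantly, and an attacker with more time or more API keys gets the same result. The hardened handler returns only the two users who opted in, regardless of how long the sweep runs.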
Disclosure: 3Scale is an API Evangelist partner.