Snapchat Hacked - $15,000 Bounty

Snapchat has paid out a bug bounty of fifteen thousand dollars to an ethical hacker on HackerOne. This bounty was given for identifying a significant vulnerability where an attacker could delete anyone's content from Snapchat's Spotlight feature remotely. Let's take a closer look at how this hack works:

First, the attacker needs to visit my.snapchat.com/my-posts and log in to their account. Once logged in, they can see their own posts. Using a tool called Burp Suite, they intercept the network traffic to capture the delete request. This request contains a parameter called "ID" that uniquely identifies the video to be deleted.

By simply changing this "ID" parameter to someone else’s video ID, the attacker can forward the modified request and delete another user’s content. The video ID can be easily obtained from the URL when sharing a Spotlight video.

Imagine the impact this could have: influencers, content creators, and ordinary users who have worked hard on their videos could have their content deleted without their consent. If you come across a vulnerability like this, it is crucial to report it to the security team or through the designated channels.
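
The behaviour described above, where a delete request succeeds for any supplied ID, is what a handler does when it never checks that the post belongs to the logged-in account (an insecure direct object reference). The Python below is an added example, not Snapchat's code or part of the original report; the `PostStore` class, its method names and the sample IDs are hypothetical, and it shows the flawed pattern beside a corrected one that ties the ID to the session user and records denied attempts for detection.

```python
from dataclasses import dataclass, field


@dataclass
class PostStore:
    owners: dict = field(default_factory=dict)   # post ID -> owning account
    denied: list = field(default_factory=list)   # audit trail for detection

    def delete_unchecked(self, session_user: str, post_id: str) -> int:
        """Flawed pattern: trusts the client-supplied ID, ignores the session."""
        if post_id not in self.owners:
            return 404
        del self.owners[post_id]
        return 200

    def delete_checked(self, session_user: str, post_id: str) -> int:
        """Corrected pattern: the ID must resolve to a post owned by the caller."""
        owner = self.owners.get(post_id)
        if owner is None or owner != session_user:
            # Same 404 for "missing" and "not yours", so the response does not
            # confirm that another account's ID exists.
            if owner is not None:
                self.denied.append((session_user, post_id))
            return 404
        del self.owners[post_id]
        return 200


def demo() -> dict:
    """Send the same cross-account delete to both handlers."""
    sample = {"vid-alice-1": "alice", "vid-bob-1": "bob"}  # constructed IDs
    weak, fixed = PostStore(dict(sample)), PostStore(dict(sample))
    return {
        "unchecked_status": weak.delete_unchecked("bob", "vid-alice-1"),
        "unchecked_alice_post_exists": "vid-alice-1" in weak.owners,
        "checked_status": fixed.delete_checked("bob", "vid-alice-1"),
        "checked_alice_post_exists": "vid-alice-1" in fixed.owners,
        "checked_own_delete": fixed.delete_checked("bob", "vid-bob-1"),
        "denied_log": fixed.denied,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A run of entries in `denied` from one account against many different IDs is the pattern worth alerting on.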


Keywords

  • Snapchat
  • Bug Bounty
  • Ethical Hacker
  • HackerOne
  • Burp Suite
  • Spotlight
  • Network Traffic
  • Delete Request
  • Video ID
  • Vulnerability

FAQ

Q1: What was the reward for finding the Snapchat vulnerability?
A1: The reward was fifteen thousand dollars.

Q2: What could an attacker do with this vulnerability?
A2: With this vulnerability, an attacker could delete anyone's content from Snapchat's Spotlight remotely.

Q3: What tool did the ethical hacker use to exploit this vulnerability?
A3: The ethical hacker used Burp Suite to intercept the network traffic and capture the delete request.

Q4: What parameter in the delete request could be manipulated to delete other users' content?
A4: The parameter is called "ID".

Q5: How could the video ID be obtained by the attacker?
A5: The video ID can be easily obtained from the URL when sharing a Spotlight video.

Q6: What should you do if you find a similar vulnerability?
A6: It’s important to report such vulnerabilities to the security team or through designated channels.