“People could operate a service similar to ssndob.cc, where you could pay a few dollars and obtain the phone number and social media profiles of a person, just by their username.
“[Snapchat could have fixed this] by adding rate limiting; Snapchat can limit the speed someone can do this, but until they rewrite the feature, they’re vulnerable. They’ve had four months, if they can’t rewrite ten lines of code in that time they should fire their development team. This exploit wouldn’t have appeared if they followed best practices and focused on security (which they should be, considering the use cases of the app).”
Also: This security hole could have been closed with 10 lines of code.
Step it up, Bros.
[H/T: Elite Daily]