Snapchat doesn’t just make messages disappear after a period of time. It also does the same to GitHub repositories — especially when they contain the company’s proprietary source code.
So, what happened? Well, let’s start from the beginning. A GitHub user with the handle i5xx, believed to be from the village of Tando Bago in Pakistan’s southeastern Sindh province, created a GitHub repository called Source-Snapchat.
At the time of writing, the repo has been removed by GitHub following a DMCA request from Snap Inc.
Four days ago, GitHub published a DMCA takedown request from Snap Inc., although it’s likely the request was filed much earlier. GitHub, like many other tech giants including Google, publishes information on DMCA takedown requests in the interest of transparency.
To the question “Please provide a detailed description of the original copyrighted work that has allegedly been infringed. If possible, include a URL to where it is posted online,” the Snap Inc. representative wrote:
“SNAPCHAT SOURCE CODE. IT WAS LEAKED AND A USER HAS PUT IT IN THIS GITHUB REPO. THERE IS NO URL TO POINT TO BECAUSE SNAP INC. DOESN’T PUBLISH IT PUBLICLY.”
The most fascinating part of this saga is that the leak doesn’t appear to be malicious, but rather comes from a researcher who found something, but wasn’t able to communicate his findings to the company.
According to several posts on a Twitter account believed to belong to i5xx, the researcher tried to contact Snapchat, but was unsuccessful.
“The problem we tried to communicate with you but did not succeed In that we decided [sic] Deploy source code,” wrote i5xx.
The account also threatened to re-upload the source code. “I will post it again until you reply :),” he said.
For what it’s worth, it’s pretty easy for security researchers to get in touch with Snap Inc. The company has an active account on HackerOne, where it runs a bug bounty program, and is extremely responsive.
According to HackerOne’s official statistics, the site replies to initial reports in 12 hours, and has paid out over $220,000 in bounties.