Snapchat's parent company, Snap Inc., said that an iOS update exposed some of its source code.
That same code was leaked and posted on GitHub, a popular place for developers to share and learn programming, before the company asked the site to remove the data.
An app's source code is rarely made public. This is because the code makes the software work, and it's the core component behind the entire design. Therefore, it's extremely confidential. Companies behind it can go through great lengths to protect that intellectual property.
The same goes to Snapchat.
The leaked information was posted on a GitHub repository called Source-Snapchat by a user with the handle i5xx claiming to be in Pakistan. Snap responded by filing an action under the Digital Millennium Copyright Act (DMCA) which prohibits the theft of intellectual property.
These typically focus on unauthorized sharing of movies, music, video games, and other entertainment media. But in Snapchat's case, source code is also covered by the act.
"An iOS update in May exposed a small amount of our source code and we were able to identify the mistake and rectify it immediately," said a Snap representative. "We discovered that some of this code had been posted online and it has been subsequently removed. This did not compromise our application and had no impact on our community."
The individual who sent the DMCA request said, "I am [redacted] at Snap Inc., owner of the leaked source code." The request then follows: "we would appreciate you take down the whole thing."
The language used in the DMCA request somehow conveys a sense of panic. Written in all capital letters, the person at Snapchat is seen to suggest that the contents of the repository are indeed genuine.
The repository has a description of "Source Code for SnapChat," and the code is written in Apple's Objective-C programming language. This also suggests that the repository have contained part or whole of the company’s iOS application, component to the service, or a separate project from the company.
An independent security researcher known as x0rz tweeted about the takedown, pointing to a copy of the request itself.
It didn't take long until GitHub disabled public access to the repository.
While the request was reportedly enforced by a copyright law, the popularity of Snapchat may have the leak an interesting prospect by many who have stumbled upon it. If this is the case, the leaked data should have been traded privately.
After all, GitHub is often the go-to place for developers, hackers and researchers to archive interesting code or data dumps.