Gibson Security says it first made Snapchat aware of the issue in August, nothing that none of the exploits revealed have been addressed in past four months.
"Seeing that nothing had been really been improved upon (although, stories are using AES/CBC rather than AES/ECB, which is a start), we decided that it was in everyone's best interests for us to post a full disclosure of everything we've found in our past months of hacking the gibson," Gibson Security wrote.
Credit: Flickr Lane Fournat
There's a bit of animosity in Gibson Security's blog post. At one point, the firm flat out accuses Snapchat of "lying to investors." The company's referring to the millions of dollars in funding Snapchat has received, as well as buyout offers rumored to be as high as $3 billion.
The bottom line for Snapchat users is that their phone numbers are at risk. It's also worth noting that the security hole is present in both iOS and Android versions of the photo and video sharing app. On the surface this may not seem like a big deal, but Gibson Security contends hackers can make a good deal of money by selling personal information on the underground market.