If you’ve ever logged into a “Snapchat API” you should change your password NOW.
Snapchat has never released an official API for public use by third parties. This means any time you’ve seen a request to “authenticate your username with Snapchat’s API”, whether it was from an app or a digital agency, you’re simply being conned into sharing your log-in info for use by strangers. If you have given your password to a third party, you have given them your actual password and they are logging in to your account directly to see your personal information, your personal conversations and all of your views.
Snapchat addresses this in a blog post from 2014, after a hack of a third party app left thousands of accounts breached allowing private photos and conversations to hit the web.
Why is this a problem for influencers?
Advertising on social platforms is becoming standard, but not all social platforms have an API that enables agencies to allow their users to authenticate who they are, or to collect data on followers, audience size, demographics, and engagement.
As a result, unfortunate activities have been occurring in the influencer space, particularly with folks claiming to have access to API’s that simply do not exist. Unbeknownst to the advertiser or the influencer, the individual “authenticating” is misled and is actually just placing their password into a form that is then recorded and later used for direct log-in to the individual’s account.
Snapchat influencers have become a target as outsiders take advantage of the lack of public knowledge about the API and what actually exists. There are many groups that claim access to Snapchat’s API. This is fraudulent and puts the agency, influencer and brand at risk depending on the particular agency’s insurance policy.
When you authenticate with an official API, the company does not receive your password. This is part of the protection that comes with an official API. A third party provider/company needs your actual password to complete the programmatic login flow with Snapchat, but they cannot store the password with a secure, one-way encryption, thus making it a huge security vulnerability. The provider will log in by spoofing an actual mobile device, making Snapchat unaware of what they intend to do. Once logged in, they can access contacts, messages, and snapchats from your friends as well as download/store any snaps you may receive.
What can I look for?
As Instagram begins to close off API access to third-party influencer agencies in an effort to gain more control over their advertising platform, influencers need to be on the lookout for fake API access that will be collecting a password for direct log-in. Also, brands need to ensure that the partner that they are working with is not participating in illegal activity and has insurance protection.
Remember, Markerly will never create a fraudulent API, which would put your data in tremendous jeopardy as well as compromise the privacy of your account. Please take caution when engaging with any company that asks for your Snapchat password, and report them directly to Snapchat.