Hackers have posted the usernames and mobile phone numbers of 4.6 million US Snapchat account holders on a website called SnapchatDB.info.
Snapchat is a mobile app that allows users to send and receive “self-destructing” photos and videos.
But the last two digits of the users’ phone numbers were censored and the website has been taken down, although a cached version is still available, according to the BBC.
The hack comes days after Australian firm Gibson Security warned that hackers could exploit vulnerabilities in the Snapchat app.
The hackers said they had exploited the security flaw highlighted by Gibson Security. “We used a modified version of gibsonsec’s exploit/method,” they were quoted as saying by Tech Crunch.
The hackers said their aim was to raise public awareness around the issue, and also put public pressure on Snapchat to get the exploit fixed.
“It is understandable that tech startups have limited resources, but security and privacy should not be a secondary goal. Security matters as much as user experience does,” they told Tech Crunch.
In a report published on 25 December 2013, Gibson Security warned that a vulnerability on the Snapchat app could be used to reveal the phone numbers of users.
The report said Snapchat had been alerted to this possibility four months ago, but had taken no steps to improve security.
Snapchat acknowledged the vulnerability in a blog post on 27 December, but said it had implemented “various safeguards” to protect user data.
The hackers who published the Snapchat user data said the vulnerability still exists, making it possible to harvest user data on a large scale.
Snapchat has yet to respond to requests for comment and information on what steps it plans to take to ensure user data is safe.
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners.
If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com