More than 4.5 million Snapchat usernames and phone numbers have leaked after hackers exploited a security flaw exposed by Australian white-hat hackers and posted the information online.
The database of information was available to download from the website SnapchatDB.info, which is currently suspended. A cached version of the site can be viewed here.
"You are downloading 4.6 million users' phone number information, along with their usernames. People tend to use the same username around the web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with," the site said.
The hackers behind SnapchatDB used a recently published Snapchat API exploit to access the photo-messaging app's usernames and phone numbers. They did not immediately respond to a request for comment.
"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech start-ups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does," the hackers said in a statement to TechCrunch.
"Our main goal is to raise public awareness on how reckless many internet companies are with user information. It is a secondary goal for them, and that should not be the case."
The SnapchatDB hackers said they censored the last two digits of users' phone numbers "in order to minimise spam and abuse," but said they may agree to release their uncensored database "under certain circumstances".
Australian white-hat hackers Gibson Security published Snapchat's API and two exploits last week, according to ZDNet. The SnapchatDB hackers then used a "modified version" of a Gibson Security exploit for its leak.
Snapchat addressed the Australian group's disclosure in a short blog post published last Friday.
"Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse," the company said.
The SnapchatDB hackers said Snapchat's reluctance to take "the necessary steps to secure user data" compelled the hackers to take action, according to a statement to TechCrunch.
Gibson Security said on Wednesday it was not involved in SnapchatDB's leak.
"As much as we were hoping that it wouldn't come about, we felt that something like this was inevitable – Snapchat may have invoked it with their recent blog post about how they had fixed the exploit and that the entire thing was a non-issue."
The group posted a tweet on Tuesday responding to the incident: "We know nothing about SnapchatDB, but it was a matter of time til something like that happened. Also the exploit works still with minor fixes."
A similar security flaw in Snapchat was revealed exactly one year ago, when users' email addresses were exposed.
Snapchat did not immediately respond to a request for comment on the latest security breach.
Mashable is the largest independent news source covering digital culture, social media and technology.