A flaw in ephemeral messaging service Snapchat's API has been exploited, and the phone numbers and usernames of some 4.6 million users are now on a site called SnapchatDB.info. The Washington Post reported on Wednesday on the hack, noting that Snapchat users can look up online whether their accounts are among those affected. The API vulnerability was publicized last week, and Snapchat later stated that it had made the hack "more difficult to do" in response.
The hackers, though, still managed to access millions of user accounts. In a statement, SnapchatDB said the hack was accomplished using a modified version of the previously publicized method. The hackers' motivation, though, was to increase security.
"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does."
SnapchatDB apparently censored the last two digits of the hacked phone numbers in order to minimize spam and abuse.
While it revealed no small amount of user information, the breach did not affect Snapchat's primary function. The service allows users to send image and video messages that self-delete a few seconds after they are opened. Security experts, though, say that coded scripts harvesting user data could "automatically build profiles about users, which could be sold for a lot of money."