Gibson Security has published details of two exploits that reveal a number of "vulnerabilities" within the Snapchat app.
It is not only possible to build a database of Snapchat users by linking usernames to people’s phone numbers, but also to access the images being sent, leaving users susceptible to scammers and stalkers.
However, Snapchat has published a statement that makes the hack sound impractical, noting: “We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
There are no details on how these counter-measures work, such as rate limiting, bad-IP blocking, or automated systems that scan for suspicious activity that may be someone trying to match names and numbers.
Snapchat stresses there’s no easy way to discover someone’s phone number based on their username and further explains that the ability to match names and phone numbers on a limited basis is very helpful for users trying to find their friends.
GibsonSec first flagged up the issue in a statement released in August, but Snapchat failed to address the problem.
"Someone could save media sent to them and, as we recently found, build a database of Snapchat usernames and phone numbers, connecting names to aliases easily, and with further work connecting social media accounts to entries," GibsonSec said in the statement.
"Someone could view all your unread messages, and depending on the situation, modify and even replace the images completely," the statement added.
Snapchat isn’t the only one suffering security issues around names and phone numbers.
In June, a hacker named Brandon Copley downloaded 2.5 million phone numbers from Facebook using a Graph Search exploit that preyed on people who had their phone numbers included on their profiles.