More than 55,000 Snapchat users have had their usernames and passwords exposed online via a publicly available site.
The details of the phishing attack were shared by technology blog The Verge, which claims to have seen secret Snapchat e-mails discussing the breach.
The attack, which was purportedly coordinated from the Dominican Republic, saw Snapchat users sent a URL that, if opened, loaded a very convincing fake Snapchat login screen.
If user entered their username and password into the fraudulent screen, the details were immediately forwarded onto the hackers.
This style of cyberattack is known as ‘phishing’, because its uses bait in an attempt to catch a victim.
In a statement, a Snapchat spokesperson said: “We are very sorry when anyone is tricked by phishing.
“While we can’t prevent people from sharing their SnapChat credentials with third parties, we do have advanced defences to detect and prevent suspicious activity.
“We encourage Snapchatters to always use strong passwords, enable login Verification, and never use third-party apps or plugins.”
Snap Inc, the company behind Snapchat, says it uses machine-learning to scan for suspicious links sent inside the app.
It claims thousands of suspicious URLs are proactively blocked each year.
If you’re worried about the hack, it’s worth checking the website haveibeenpwned.
Run by security researcher Troy Hunt – the free database tracks online breaches and allows anyone to check whether their email address has been included in a publicly-available leak.
In this instance, you’ll need to enter email address associated with your Snapchat account to find out whether it has been affected.
The site will tell you when the breach occurred and exactly what information was impacted.
You can also sign-up for alerts tied to any of your email addresses, so you will be notified as soon as another breach is picked up by the site.
Snap Inc says the 55,851 or so accounts hit by the July phishing attack have been notified that their passwords have been reset.