Snapchat Hit By Phishing Attack, Employees Compromised

After a phishing scam succeeded on Friday to expose the payroll information of some Snapchat employees, CEO Evan Spiegel wrote them a letter to express his deepest apologies. An employee in the payroll department of Snapchat fell victim to a phishing scam, providing an individual with current – and previous – employee records. Between the first and third quarters of previous year, the number of reports of unique e-mail phishing campaigns ranged from just under 50,000 in January to almost 150,000 in May, the report said. Police are now investigating.

Although Snapchat’s servers and users’ data was not breached, a number of Snapchat employees have had their identity compromised and some payroll information revealed.

It seems Snapchat fell prey to an embarrassingly common type of phishing email, which purports to come from the head of the company itself.

Even though the incident proved how vulnerable Snapchat’s security protocols are, the company officials insist that their internal systems are fine and that no user information was exposed. The targeted employee leaked confidential information – thinks names, Social Security numbers, wages, benefits, stock-options, and W-2 tax form data. Snapchat also offered two years of free-identity theft insurance to its employees who may have been affected by the scam.

The company has promised to improve its already strict training programs about privacy and security in the coming weeks. And when the CEO of your company wants to review payroll information on some employees, you zip that information over to him ASAP. Despite responding “swiftly and aggressively”, Snapchat has been forced to contact a slew of employees past and present to let them know their financial details may have been compromised.

‘When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong. An employee actually sent out this information to a faceless, nameless person on the other side of the internet connection. This time, however, the fault lies squarely on Snapchat, and only those closest to the company appear to be impacted.

Phishing attacks – in which fake emails are used to encourage people to hand over sensitive data – are increasingly popular with hackers. Many of them, such as Snapchat, include extensive security training for employees.