Snapchat employee data lost in phishing attack

Social media service plans to intensify its staff training going forward

Current and former Snapchat employees have had their details compromised following a scam email targeting the social media company.

The company, known for its ephemeral video messaging service, published a public apology to its employees on its blog, explaining that one of its employees had fallen for a phishing attack and disclosed the payroll information of a number of current and former employees.

"Last Friday, Snapchat's payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our chief executive officer and asked for employee payroll information," wrote Snapchat in its blog post.

"Unfortunately, the phishing email wasn't recognised for what it was, a scam, and payroll information about some current and former employees was disclosed externally."


Snapchat emphasised that its internal servers were not breached and no user data was affected by the cyber attack.

The company would not specify what the payroll information included, but it likely includes personal details such as employees' names, addresses, bank details and pension plans.

When it identified that one of its employees had fallen for a scam, Snapchat moved quickly. It reported the incident to the FBI. It has also contacted the affected employees, both current and former, and offered them two years of identity theft insurance and monitoring.

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong," Snapchat added.

"To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks."

Snapchat has been in the news for security breaches on more than one occasion. In 2014, hackers exposed some 100,000 explicit pictures that users presumed had been deleted by the temporary messaging service, which has become a haven for sexting.

A report in 2013 from Gibson Security also exposed security flaws in the service, and later that same year the service was hacked via a vulnerability in a third-party API.

In related news, the UK government is taking phishing attacks against businesses seriously and wants UK businesses to train their employees about the importance of cybersecurity. Earlier this month Ed Vaizey, minister for culture and the digital economy, launched a free e-learning course to teach HR staff the dangers of cyber attacks.
