Snapchat employee data lost in phishing attack

Social media service plans to intensify its staff training going forward

Current and former Snapchat employees have had their details compromised following a scam email sent to the social media company.

The company, known for its ephemeral video messaging service, published a public apology to its employees on its blog, explaining that one of its employees had fallen for a phishing attack and disclosed the payroll information of a number of current and former employees.

"Last Friday, Snapchat's payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our chief executive officer and asked for employee payroll information," wrote Snapchat in its blog post.

"Unfortunately, the phishing email wasn't recognised for what it was, a scam, and payroll information about some current and former employees was disclosed externally."

Snapchat emphasised that its internal servers were not breached and no user data was affected by the cyber attack.

The company would not be specific about what was included in the payroll information, but it likely includes personal details such as employees' names, addresses, bank details and pension plans.

When it identified that one of its employees had fallen for a scam, Snapchat moved quickly. It reported the incident to the FBI. It has also contacted the affected employees, both current and former, and offered them two years of identity theft insurance and monitoring.

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong," Snapchat added.

"To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks."

Snapchat has been in the news for security breaches on more than one occasion. In 2014, hackers exposed some 100,000 explicit pictures that users presumed had been deleted by the temporary messaging service, which has become a haven for sexting.

A report in 2013 from Gibson Security also exposed security flaws in the service, and later that same year the service was hacked via a vulnerability in a third-party API.

In related news, the UK government is taking phishing attacks against businesses seriously and wants UK businesses to train their employees about the importance of cybersecurity. Earlier this month Ed Vaizey, minister for culture and the digital economy, launched a free e-learning course to teach HR staff the dangers of cyber attacks.
