Snapchat admitted on Sunday that an email phishing scam had successfully obtained confidential employee payroll information.
An employee of Snapchat’s payroll department was targeted by an email phishing scam on Friday. Impersonating Snapchat CEO Evan Spiegel, the cybercriminal asked the employee to release payroll information of current and past employees. Believing they were receiving a direct request from their CEO, the Snapchat employee acquiesced to the request.
Although internal employee information was revealed, Snapchat insists that no customer or user data was breached. Within four hours, the company had reported the scam to the Federal Bureau of Investigation (FBI), and any employee affected by the scam will be granted two years of free identity-theft insurance and monitoring.
“We’re a company that takes privacy and security seriously,” Snapchat stated in a blog post on the company’s Web site. “So it’s with real remorse – and embarrassment – that one of our employees fell for a phishing scam and revealed some payroll information about our employees. The good news is that our servers were not breached, and our users’ data was totally unaffected by this. The bad news is that a number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry.”
It’s important to note that impersonation is a common tactic of would-be spear phishers, or cybercriminals who target organizations and businesses such as Snapchat.
Phishing email messages most often appear genuine. For example, an email may look as if it was sent from a trusted company, friend, family member or, in Snapchat’s case, boss.