Snapchat employee data compromised in phishing attack
Snapchat Inc. has fallen victim to a phishing scam.
A payroll department employee at the Venice company emailed sensitive personal information about 700 current and former workers to someone pretending to be Chief Executive Evan Spiegel on Friday, a spokeswoman said.
The impostor received employees’ W-2 tax form data, including name, Social Security number, wages, stock-option gains and benefits. Fifteen minutes after replying, the employee realized the original request, which appeared as if it had been sent from Spiegel’s email address, wasn’t legitimate. The employee then sent a followup email to Spiegel, who didn’t recognize the original note.
User data wasn’t compromised and the company’s servers were not breached, Snapchat spokeswoman Mary Ritti said.
Phishing and other social engineering tactics are the top reason behind corporate data breaches, surveys have shown. No matter how many firewalls and other defenses companies mount, hackers have continued to find an easy way in by tricking workers into clicking malicious links and releasing data in response to realistic messages.
Ritti said Snapchat planned to do more internal training. She declined to release a copy of Friday’s phishing email, citing the ongoing law enforcement investigation.
The company has had problems before. A vulnerability exploited by hackers in 2013 led to names and phone numbers of millions of users being compromised. Since then, the company has touted several measures to upgrade security.
Chat with me on Twitter @peard33