Snapchat Apologizes For Employee Data Leaks After Phishing Attack

The Snapchat team has issued an apology addressed to its employees Sunday after a phishing attack tricked the company's payroll department into divulging personal information of current and previous employees.

"Last Friday, Snapchat's payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information," Snapchat said in an official statement. "Unfortunately, the phishing email wasn't recognized for what it was-a scam-and payroll information about some current and former employees was disclosed externally."

Snapchat has not identified the identity of the individual or the group who perpetrated the attack, which is being called "spear phishing," a method that targets specific persons or organizations as opposed to random users. This type of phishing is said to have posed a greater problem in 2015 based on a report by the Anti-Phishing Working Group (APWG).

The company maintained that it has taken steps to address the breach with a series of initiatives. It has, for instance, reported the incident to the FBI and also promised to adopt more rigorous training programs for its employees that focus on privacy and security in the coming weeks. While Snapchat determines who were affected among its employees, each one now gets a free identity theft insurance for two years.

The management also reassured Snapchat users that none of the internal systems were breached, including user information.

It is important to note that Snapchat has already encountered hacking attacks in the past. In 2014, for example, it leaked around 200,000 user photos after unofficial third party apps were compromised. Snapchat has not revealed what type of employee information were leaked in the latest incident but if they contain payroll data, it could include salary, social security numbers, financial information, addresses and emails, among others.

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong," Snapchat said. "To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks."

Tags
Snapchat
Real Time Analytics