Breach, Compliance Management, Data Security, Malware, Phishing, Privacy

Snapchat payroll data snagged in phishing scam

The personal information of a number of former and current Snapchat employees was compromised after an employee fell for a phishing scheme.

Last Friday, the company's payroll department was targeted by a phishing email in which the scammer posed as its chief executive officer in order to request employee payroll information, according to a Feb. 28 Snapchat blog post.

The attack was confirmed and isolated within four hours of the incident and the Federal Bureau of investigation (FBI) was notified, Snapchat said. Those who were affected have been contacted and offered two years of free identity-theft insurance and monitoring.

Snapchat apologized for the incident and said it will redouble its “already rigorous training programs around privacy and security in the coming weeks.”

None of the firm's internal servers were affected and no user information has been compromised, the company said.

Tim Erlin, director of IT security and risk strategy at Tripwire, told in emailed comments that “criminals continue to use phishing because it works.”

“While training employees can definitely help, phishing tactics evolve continuously to beat the training. Without knowing what data was compromised, it's difficult to assess how it will be used,” Erlin said.

There should be little doubt, he added, that the attackers have a plan to monetize the data they accessed.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.