Last Friday, the company's payroll department was targeted by a phishing email in which the scammer posed as its chief executive officer in order to request employee payroll information, according to a Feb. 28 Snapchat blog post.
The attack was confirmed and isolated within four hours of the incident and the Federal Bureau of Investigation (FBI) was notified, Snapchat said. Those who were affected have been contacted and offered two years of free identity-theft insurance and monitoring.
Snapchat apologized for the incident and said it will redouble its “already rigorous training programs around privacy and security in the coming weeks.”
None of the firm's internal servers were affected and no user information has been compromised, the company said.
Tim Erlin, director of IT security and risk strategy at Tripwire, told SCMagazine.com in emailed comments that “criminals continue to use phishing because it works.”
“While training employees can definitely help, phishing tactics evolve continuously to beat the training. Without knowing what data was compromised, it's difficult to assess how it will be used,” Erlin said.
There should be little doubt, he added, that the attackers have a plan to monetize the data they accessed.