SnapChat Data Breach – Take a Lesson From Their Mistake

SnapChat Employee Falls Victim to CEO Impersonation and Causes the SnapChat Data Breach

The disappearing-message app ‘SnapChat’ is famous for its so-called ‘anonymity’, although its messages have famously been captured with screenshots and used to embarrass or blackmail those who used the service. Over the weekend, it was announced that one of their staff fell victim to a spear-phishing email pretending to be from the SnapChat CEO, Evan Spiegel.

The employee caused a data breach which gave hackers access to internal systems and information about current and former employees. Snapchat has assured SnapChat users that the servers used for the app itself were not compromised, and that customer data was not breached.

In a blog posting on their website, the company announced that it was “with real remorse–and embarrassment–that one of our employees fell for a phishing scam”:

We’re a company that takes privacy and security seriously. So it’s with real remorse–and embarrassment–that one of our employees fell for a phishing scam and revealed some payroll information about our employees. The good news is that our servers were not breached, and our users’ data was totally unaffected by this. The bad news is that a number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry.

Here’s what happened: Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information. Unfortunately, the phishing email wasn’t recognized for what it was–a scam–and payroll information about some current and former employees was disclosed externally. To be perfectly clear though: None of our internal systems were breached, and no user information was accessed.

Needless to say, we responded swiftly and aggressively. Within four hours of this incident, we confirmed that the phishing attack was an isolated incident and reported it to the FBI. We began sorting through which employees–current and past–may have been affected. And we have since contacted the affected employees and have offered them two years of free identity-theft insurance and monitoring.

When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong. To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks. Our hope is that we never have to write a blog post like this again.

Team Snapchat

We would like to take this time to remind you that no one famous is going to email you. Even if you receive an email from a supposed ‘trusted source’, if that email encourages you to send money anywhere, click on links, or authorize someone you have never met to do something, please examine the email carefully. And even if the email appears genuine, please verify in PERSON that the email is legitimate!
