Dive Brief:
- Snapchat accidentally shared personal data of current and former employee’s with a hacker last week.
- The data was leaked after a Snapchat employee fell victim to a phishing scam.
- The company has not yet revealed what information was compromised or how many employees were impacted, but it did say that none of its users' data was compromised.
Dive Insight:
The attacker pretended to be CEO Evan Spiegel while asking for employees’ payroll information. The payroll specialist that received the email did not realize it was a scam and dutifully responded with the data.
A post on the company’s blog states “It’s with real remorse–and embarrassment–that one of our employees fell for a phishing scam and revealed some payroll information about our employees. The good news is that our servers were not breached, and our users’ data was totally unaffected by this. The bad news is that a number of our employees have now had their identity compromised.”
It’s not the first time Snapchat has dealt with data theft. In 2014, the usernames and phone numbers of over 4 million Snapchat users were leaked by hackers, who were reportedly unhappy that the company wasn’t taking a system vulnerability seriously enough. Since then, the company has touted its dedication to data security.
Phishing emails continue to be a successful tool for hackers -- especially phishing emails that pose as normal office communications. In December, anti-phishing company PhishMe said phishing emails pretending to be regular office communications tend to be the most effective, with an average click-through rate of 22%.
