SnapChat just got phished – employee information leaked

ByCraig Haley

You don’t have to be a technophobe to fall for Internet scams. It really can happen to any of us, as those in the SnapChat offices found out recently.

Staff from the popular instant message app – famed for its disappearing messages – were tricked by a spear-phishing campaign that resulted in sensitive payroll information about current and former employees being leaked to cyber-criminals.

Spear-phishing, for the uninitiated, is a phishing scam (pretending to be a trusted entity you’re not to obtain sensitive information from a victim) designed to fool a specific target, unlike generic phishing scams that are typically sent out en-masse to a large number of people with the idea that a small number of targets may “bite”.

In this case, the scam was specifically designed to fool staff at SnapChat since the email sent by the scammers appeared to come from SnapChat CEO Evan Spiegel asking for employee payroll information.

SnapChat said…

Unfortunately, the phishing email wasn’t recognized for what it was – a scam – and payroll information about some current and former employees was disclosed externally.”

SnapChat haven’t released what information exactly was compromised, but it could be social security numbers, salary, personal information like names and addresses and even banking details.


Sponsored Content. Continued below...




Affected employees have been notified and offered free identity theft protection and monitoring for the next two years. Though this could potentially cause quite the headache for them if scammers use that information to commit identity fraud.

Phishing scams designed to target specific companies are common, and as such it is imperative that such businesses that may be targeted have strict and rigorous procedures in place to ensure that such scams cannot be successful, and an integral part of that is staff training. Businesses have an inherent disadvantage as criminals can easily access public data about them and design their scam emails accordingly to make them appear more believable.

So it goes to show that not even trending software companies are immune to relatively primitive email scams. We imagine the criminals could hardly believe their luck when they found out that their scheme worked.