It looks like Snapchat has been scammed by an enterprising phisherman who managed to collect personal data on about 700 employees of the social media service.
According to reports that appeared overnight in Los Angeles Times, a payroll department employee accidentally emailed the personal information of about 700 employees (current and past) to someone masquerading as Snapchat CEO Evan Spiegel. The specific answer the scammer requested and received? Unfortunately, some very useful stuff, including W-2 forms with names, ages, Social Security numbers, wages, stock option gains and benefits.
The employee reconsidered that transmission about 15 minutes after sending and decided to follow up with Spiegel. Spiegel confirmed he had never sent such a request and that whoever did was spoofing his email address.
“It did not affect our users or our service whatsoever,” the company said in a statement. “It impacted our employees, and we are obviously very sorry that it happened. We are doing everything we can to work with our team now and prevent it in the future.”
Phishing has become an endemic problem in enterprise data security, as hacking people is often easier than hacking sophisticated tech. This has pushed businesses to pursue a variety of solutions, including software failsafes that prevent sensitive data from being sent to off-network sources and additional training for employees that includes phishing drills.
Snapchat has confirmed it will push further employee training.
This event is not the firm’s first big security stumble. In 2013, the up-and-coming firm saw hackers get into the names and phone numbers of millions of the service’s users.
The firm has reportedly upgraded its security since then, though apparently not its staff.