After a phishing scam succeeded on Friday in exposing the payroll information of some Snapchat employees, CEO Evan Spiegel wrote them a letter to express his deepest apologies.
A phishing scam typically directs a user to a fake website requesting personal information that the legitimate organization would otherwise have. And this is what happened as a scammer impersonating CEO Evan Spiegel collected the payrolls of about 700 Snapchat employees.
Before realizing it was a hoax, one worker in the payroll department gave out information on former and current employees of the company. The targeted employee leaked confidential information – think names, Social Security numbers, wages, benefits, stock options, and W-2 tax form data.
Some minutes after sending out the information, the worker felt the request was somewhat fishy and checked in with Spiegel himself to verify the accuracy of the original request; to his dismay, the Snapchat leader hadn’t sent such a request.
Over the past four months, Snapchat had received more than 400 legal requests in regard to its user data; in other words, the company gets an average of 100 requests per month, or roughly three each day.
Two days after the phishing scam’s success, the company sent out an apology letter, offering compensation to the affected employees, such as two years of free identity-theft insurance and monitoring.
The FBI was notified shortly after, and the agency is currently investigating the phishing scam. According to Snapchat, none of its users’ data was breached on Friday: everything is still untouched and safe.
The company apologized sincerely to the employees whose personal data was compromised. “A number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry,” Snapchat wrote.
As far as enterprise data breaches go, studies show that phishing is one of the leading culprits. No matter how many IT defense systems and firewalls a company puts in place, hackers still manage to trick employees into releasing data in response to convincing messages.
To fight back against this type of threat, firms have set up software and additional security filters to make sure that certain information isn’t sent outside internal networks.
Moreover, a lot of companies – including Snapchat – provide extensive security training for employees. This means they are taught to recognize threats and suspicious activities firsthand by being subjected to “phishing drills.”
In light of the recent leak, the company pledged to “redouble our already rigorous training programs around privacy and security in the coming weeks.”