For once, we’re not here to tell you about a company getting hacked, cracked, or otherwise broken into via nefarious computer means, although for employees of Snapchat the results are basically the same. An employee in the payroll department of Snapchat fell victim to a phishing scam, providing an individual with current — and previous — employee records.
The breach, which happened on Friday, was the result of the phisher sending the payroll employee an e-mail impersonating Snapchat CEO Evan Spiegel. The e-mail requested payroll information for not only current but also former employees, which was subsequently leaked publicly. For its part, Snapchat confirmed the breach almost immediately, and has been working with the FBI on the matter.
As I mentioned at the top, this wasn’t a hack. Nobody broke into Snapchat servers, and no usernames or pictures/videos were taken. This was simply a slip-up by an employee that led to their co-workers’ personal information getting leaked. In its blog post on the subject, Snapchat summed up its feelings quite succinctly:
“A number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry.”
Snapchat also worked quickly to find out exactly which employees were affected. All of those employees have been contacted and were offered two years of free identity theft insurance and monitoring. It’s nice to see the company move so quickly not only to recognize this type of issue, but also to attempt to fix it. The blog post continued:
“When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong. To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks. Our hope is that we never have to write a blog post like this again.”
It is not my intention to rail against the offending employee here, because I’m sure they feel sufficiently awful already, but this just reinforces the fact that you can have the best security in the world, but if an employee opens the gate for the wrong people, that security will be for naught.