Snapchat suffered a huge data breach over the weekend after an employee was caught out by a phishing email that impersonated co-founder and CEO Evan Spiegel and requested payroll information.
While the video messaging app’s servers were unaffected and user data remained completely safe, both former and current employees were informed that some of their sensitive information had been leaked.
Snapchat immediately reported the incident to the FBI and has offered affected staff two years of free identity theft insurance and monitoring.
‘When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong. To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks. Our hope is that we never have to write a blog post like this again,’ the company wrote in a statement yesterday.
Snapchat admitted that it felt ‘real remorse – and embarrassment’ that one of its employees had fallen for the attack, particularly as it takes privacy and security so seriously.
Phishing is an increasingly popular hacking technique for soliciting personal information from a target. The scams typically involve seemingly legitimate content tailored to a specific person within a company, so that the individual does not detect anything out of the ordinary.
Snapchat itself has experienced a number of high-level attacks since its formation in 2011. Just over two years ago, usernames and phone numbers of its then 4.6 million Snapchatters were leaked online. Again in 2014, at least 100,000 media files, including videos and photos, were shared over the internet. This breach, known as ‘The Snappening’, was reportedly the result of weakened security at a number of third-party apps, such as SnapSave, and the company maintained that hackers had not breached its own servers.