Snapchat’s human resources department fell for a big phishing scam recently, where its payroll department emailed W-2 tax data, other personal data, and stock option information to an email address that appeared to be of the CEO, Evan Spiegel.
According to the Los Angeles Times, the payroll department realized it had been interacting with a suspicious account and checked with Spiegel, who said he didn’t make any such request.
Snapchat employees were notified promptly and given free credit monitoring and identity theft insurance and no user data was compromised. Considering that the app is best known best as a place to exchange revealing photos and videos, if millions of such private moments been made public, it would have made the Ashley Madison scandal seem tame in comparison.
The company has experienced security breaches before. In 2013, 4.6 million users’ phone numbers were hacked and posted in a forum.
This phishing incident, which the FBI is investigating, is an example of one of the most successful tactics used today to mine sensitive information illegally. According to the Times, phishing or getting employees to click on something they shouldn’t is a top reason for information hacks.
Because of this, numerous organizations, participate in employee training to steel defenses against a phishing attack. Snapchat plans to participate in employee phishing training.