Popular social network app Snapchat has revealed that its employees were targeted by a scammer pretending to be the company's co-founder and CEO Evan Spiegel in a phishing attack.
According to Snapchat, an individual within the company received an email on Friday asking for payroll details, and the information was handed over because employees did not notice the scam.
The attack has been reported to the FBI and identity-theft insurance and monitoring have been offered to both current and former employees.
The company issued a statement saying: "We’re a company that takes privacy and security seriously. So it’s with real remorse - and embarrassment - that one of our employees fell for a phishing scam and revealed some payroll information about our employees. The good news is that our servers were not breached, and our users’ data was totally unaffected by this. The bad news is that a number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry."
With all the security scandals that have come to light in recent months, the way Snapchat has reacted to this attack is admirable. Even though no user data was affected, the company has moved to minimise the impact of any possible negative publicity by openly admitting what happened early on, unlike other companies which haven't been quite so transparent.
The statement continues: "When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong. To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks. Our hope is that we never have to write a blog post like this again."
Richard Beck, Head of Cyber Security at QA, commented: "Reports that Snapchat has fallen victim to a phishing attack underline the findings of a new report from PhishLabs, which concludes that this method of attack remains the top threat vector for cyber assaults. As the scammers become ever more sophisticated, it’s easy to be duped, as Snapchat’s payroll department unfortunately discovered.
"The good news is that arming employees with some basic cyber security know-how – such as knowing not to click on a URL sent via email – makes it relatively easy to thwart these scammers and defend against the cyber threats that every business faces today."