Snapchat Employee Falls for Phishing Attack

Snapchat on Friday was targeted by a phishing attack that resulted in some payroll information of its employees being inadvertently revealed.

With more than 100 million daily active users, Snapchat is a highly popular social networking service aimed mainly at teens and millennials, who can share short photos and videos with their friends and followers. According to the company, it records over 7 billion video views every day.

In a blog post, Snapchat notes that the phishing attack resulted in some payroll information about its employees being revealed, but that its servers were not breached and user data was not exposed in any way. However, the phishing scam did result in the identities of a number of Snapchat employees being compromised.

The company explains that the attack was an isolated email phishing scam that was specifically targeted at the payroll department. The scammers impersonated Snapchat Chief Executive Officer Evan Spiegel, and apparently did it in a very convincing manner, given that the email seemed legitimate enough for an employee to provide the attacker with the requested information.

Snapchat says that the incident impacts both current and former employees, but did not reveal the exact number of affected people. However, the company did manage to identify which employees had their data leaked and has informed them of the matter.

According to Snapchat, it was able to determine that the incident was an isolated attack within four hours of its occurrence. The company has alerted the FBI to the matter.

The company also says that it plans on investing more in preventing similar incidents from happening again, mainly through improved employee training programs.

“When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong. To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks,” Snapchat notes.

Social engineering is one of the most widely used data-stealing techniques in today’s threat landscape, mainly because people are one of the best exploits, as Proofpoint explains in its Human Factor 2016 report. Over 98 percent of the malicious emails sent last year required human interaction to infect a target, the report revealed.

In a December 2015 SecurityWeek column, Bill Sweeney, the US financial services evangelist of BAE Systems Applied Intelligence, explains that companies can protect against social engineering by implementing technologies that tackle it and by training employees.

“Today, one of the best ways to defend against social engineering is to beef up security through employee education. In combination with technology solutions, employee education can help build awareness to common social engineering techniques, such as phishing,” Sweeney said.

However, while education is important, it will never solve the problem of employees eventually falling for crafty and targeted phishing attacks.
