Snapchat Employee Falls for Phishing Attack

Snapchat on Friday was targeted by a phishing attack that resulted in some payroll information of its employees being inadvertently revealed.

With more than 100 million daily active users, Snapchat is a highly popular social networking service aimed mainly at teens and millennials, who can share short photos and videos with their friends and followers. According to the company, it sees over 7 billion video views every day.

In a blog post, Snapchat notes that the phishing attack resulted in some payroll information about its employees being revealed, but that its servers were not breached and user data was not exposed in any way. However, the phishing scam did result in the identities of a number of Snapchat employees being compromised.

The company explains that the attack was an isolated email phishing scam that was specifically targeted at the payroll department. The scammers impersonated Snapchat Chief Executive Officer Evan Spiegel, and apparently did it in a very convincing manner, given that the email seemed legitimate enough for an employee to provide the attacker with the requested information.

Snapchat says that the incident impacts both current and former employees, but did not reveal the exact number of affected people. However, the company did manage to identify which employees had their data leaked and has informed them of the matter.

According to Snapchat, it was able to determine that the incident was an isolated attack within four hours of its occurrence. The company has alerted the FBI to the matter.

The company also says that it plans on investing more in preventing similar incidents from happening again, mainly through improved employee training programs.

“When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong. To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks,” Snapchat notes.

Social engineering is one of the most widely used data-stealing techniques in today’s threat landscape, mainly because people are one of the best exploits, as Proofpoint explains in its Human Factor 2016 report. Over 98 percent of the malicious emails sent last year required human interaction to infect a target, the report revealed.

In a December 2015 SecurityWeek column, Bill Sweeney, the US financial services evangelist of BAE Systems Applied Intelligence, explains that companies can protect against social engineering by implementing technologies that tackle it and by training employees.

“Today, one of the best ways to defend against social engineering is to beef up security through employee education. In combination with technology solutions, employee education can help build awareness to common social engineering techniques, such as phishing,” Sweeney said.

However, while education is important, it will never solve the problem of employees eventually falling for crafty and targeted phishing attacks.
