Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Snapchat loses payroll information to phoul phisherpholk

Employee data blabbed to wannabe CEO. User data safe. Promise

Snapchat has blabbed its staff payroll information to a criminal after someone in human resources fell prey to a phishing email.

The firm told employees past and present in a statement that it is "impossibly sorry" for the error. It says users who have never worked for the company have not been affected.

The company blog says "... It's with real remorse and embarrassment that one of our employees fell for a phishing scam and revealed some payroll information about our employees," as you can read here.

"The good news is that our servers were not breached, and our users' data was totally unaffected by this.

"The bad news is that a number of our employees have now had their identity compromised and for that we're just impossibly sorry."

The attack Friday targeted the sext and text company's payroll department with a lone phishing email impersonating chief executive officer Evan Spiegel in a request for pay data.

A "swift and aggressive" response four hours after the attack confirmed the scope of the breach and reported the crime to the FBI.

Snapchat has contacted those affected, offering two years of free identity-theft insurance and monitoring.

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong." It is "redoubling" its security and privacy efforts.

Phishing is the preferred attack vector for many highly advanced and simple hacking attacks because humans are the softest link in most security chains.

Anti-phishing training campaigns are now well-oiled machines that are used by some of the world's biggest technology companies. Many anti-phishing toolkits are free.

Social networks are alive to their status as phishing targets. Former Twitter security man Dan Tentler has described the avian network's internal phishing training initiative in which infosec bods regularly phished their own employees, making the lures more difficult to spot as staff became more savvy. ®

Similar topics

TIP US OFF

Send us news


Other stories you might like