According to a blog post published by Snapchat representatives on Sunday, an e-mail phishing scam made one of their employees leak sensitive company information about their payroll.
Apparently, the scammer, who was impersonating the company’s CEO, Evan Spiegel, sent an e-mail to one of Snapchat’s employees requesting certain payroll information.
Because on the surface the e-mail appeared legitimate, the employee (which remains unnamed) immediately complied with the request, unaware of the fact that the e-mail was actually a common phishing scam meant to obtain sensitive information and to embarrass the company.
Even though the incident proved how vulnerable Snapchat’s security protocols are, the company officials insist that their internal systems are fine and that no user information was exposed.
Although e-mail phishing is not as complex or elaborate as a malicious software or hacking a company’s server, it has proven to be quite effective in some situations.
Since it relies on the authenticity of the e-mail, it makes employees lower their guard and give out sensitive information voluntarily, without even realizing the risks.
In all cases, the message looks genuine and legitimate, often times giving the impression that it’s being initiated by a trusted source from inside the company.
Furthermore, because the e-mails appear real, they don’t get filtered by spam-blocking software and so they end up in the Inbox, where they begin to work their magic.
Snapchat officials stated that the scam has already been reported to the FBI and that the matter is currently being investigated.
The company even went as far as to apologize for the incident and to offer their employees two years of free identity theft insurance and monitoring.
As they highlighted in their blog post, “When something like this happens, all you can do is own up to your mistakes, take care of the people affected and learn from what went wrong.”
This is not the first time that the company has experienced security issues, however. Back in 2014 a group of hackers announced that they had obtained 4.6 million app user names and phone numbers.
At the time, the hackers released a database comprised of 4.6 million users, which they posted on snapchatdtb.info, account which is now suspended.
According to the hackers’ statement, their motivation for releasing that database was to raise public awareness regarding the security risk involved with using the platform and to pressure Snapchat into fixing their vulnerability.
Ever since the famous video messaging application was launched back in 2011, it has gained enormous popularity, having approximately 100 million daily active users and some 7 billion video views per day.
Image Source: Fortune