Snapchat is facing heavy criticism after an employee unknowingly leaked sensitive payroll data to a phishing scammer.
The social media organization issued “An Apology to Our Employees.”
“The good news is that our servers were not breached, and our users’ data was totally unaffected by this,” the statement said. “The bad news is that a number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry.”
A scammer impersonating Snapchat’s CEO Evan Spiegel requested payroll information about current and former employees. A Human Resources employee handed over the information.
Snapchat’s blog states that the incident was reported to the FBI within four hours of the attack. The organization is offering affected employees two years of free identity-theft insurance.
Ars Technica writer Sean Gallagher reported that “whaling” attacks are on the rise.
“The trend has been linked partially to Nigerian-based financial fraud—e-mails crafted to look like they are from a company executive, such as a chief financial officer, direct finance employees to wire money to an account for an urgent deal or invoice payment, and then the money is quickly withdrawn. These attacks are often made easier through the use of sites such as LinkedIn to gather intelligence about employees that might have access to desired information or have access to company funds.”
Here’s how Snapchat says it’s handling the crisis:
“When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong.”
In recent articles, Fortune and The Guardian discussed the irony of Snapchat falling for a scam as unsophisticated as email phishing.
“Even ‘tech savvy millennials’ can fall prey,” The Guardian wrote.
To prevent social engineering from getting the best of employees in the future, Snapchat plans to "redouble" its training procedures.