Snapchat is famous for its disappearing messages, but unfortunately not everything in this world is ephemeral when you need it to be. The L.A.-based company disclosed today that a number of its current and former employees had their identities compromised by a cyber attack this month.
“Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information,” Snapchat explained in a blog post. “Unfortunately, the phishing email wasn’t recognized for what it was — a scam — and payroll information about some current and former employees was disclosed externally.”
Snapchat has had hacking problems in the past. The service leaked some 200,000 photos from users back in 2014 when unofficial third-party apps were compromised, but on this occasion the circumstances and outcome are different. For one thing, Snapchat said that no user data was affected, while the company is shouldering the blame for the issue. (Last time it said users who lost data were at fault for using unofficial accounts; it then subsequently nixed all third party access to its platform in the name of security.)
So what was accessed this time around? Snapchat isn’t being too specific — this is sensitive — but payroll information could include salary data, Social Security numbers, bank details, addresses, emails and other personal ID which, in the hands of the wrong people, could create headaches for those affected.
Corporate hacking and information theft has occupied the limelight regularly in recent years. The scale of the hack on Sony, which also took place in 2014, was unprecedented and, beyond putting confidential company information (including, ironically, details about Snapchat’s business) into the public forum, it also exposed the personal information and data belonging to thousands upon thousands of Sony staff.
Snapchat said it is “impossibly sorry” for this breach. It vowed to “redouble our already rigorous training programs around privacy and security” in the hope of preventing future incidents like this happening again.