Snapchat posted a public apology on their blog this past weekend owning up to a mistake made by one of their employees. Targeted by a phishing scam, the employee revealed payroll information about several employees to a third party, meaning their identify information has been compromised. Snapchat says they are “impossibly sorry” for the breach of their privacy and security efforts.
According to Snapchat’s post, the phishing scammer was impersonating Snapchat CEO Evan Spiegel as part of an effort to obtain payroll information about several current and former employees. Unfortunately, an employee who received one of the phishing emails failed to recognize it as such and disclosed the requested information. Snapchat says that their internal systems were not breached nor were any systems housing user data.
Snapchat indicates they reported the incident to the FBI within a few hours after it occurred. The company also reached out to the affected individuals to notify them of the breach and to offer them two years of identify theft insurance and monitoring services. Snapchat is also reviewing the incident to try to learn what could be done to prevent future incidents and increasing their training on privacy and security issues.