Someone at Snapchat fell for the oldest online identity-stealing trick in the book and believed a phishing scam was real.
The company apologized to its employees on Sunday after disclosing the security breach. A malicious attacker emailed someone in Snapchat’s payroll department posing as Snapchat CEO Evan Spiegel. The scammer asked for payroll information about employees, and, not realizing it was a total scam, the person emailed it over, exposing the private data of Snapchat employees.
To be clear, no user data was leaked, so your phone number, username, and all those salacious snaps are totally safe. Vital and personal data of employees, however, was distributed outside the company, and it’s unclear how many people were affected. Snapchat says it reported the phishing scam to the FBI.
Phishing is a common way for attackers to gain access to personal information in order to steal your identity, use your credit card, or take over your online accounts. Typically, an attacker will pose as a trustworthy source, like an online retailer or your credit card provider, and request information via email.
The email will look legitimate, and often it’s hard to discern the scam if you’re not aware of what you’re looking for. Scammers use social engineering to get personal information out of a target, and once the target has given up that data, whether by clicking on a link and entering passwords or by simply sending over the documents the scammers are asking for, the information is out there for attackers to use.
Snapchat’s security debacle illustrates that even the most technologically savvy companies and people can fall victim to targeted phishing attacks, not just people who might be unfamiliar with online security and the ways phishing scams operate. It’s embarrassing for Snapchat, and the company says it’s redoubling training programs surrounding privacy and security.
Photo via Osman Kalkavan / Flickr (CC BY 2.0) | Remix by Max Fleishman