Last week, we warned readers that the so-called “CEO email scam” was back (did it ever really go away?) with a tax season twist: asking employees to hand over files of employee information, such as a W-2 form. The folks at Snapchat apparently didn’t get the memo, as the photo sharing company announced that it was the victim of a phishing scam that led to ne’er-do-wells getting their hands on the personal information of some employees.
Snapchat announced the hack on Sunday, noting that the issue only affected employees, that the company’s servers were not breached, and that no user data was at risk.
According to Snapchat, the scam took place when a payroll department employee was “targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information.”
The email wasn’t recognized as a scam, either by the employee or by email spam filters, and payroll information — including social security numbers, bank details, and salaries — for some current and former employees was disclosed externally.
“Needless to say, we responded swiftly and aggressively,” the company said. “Within four hours of this incident, we confirmed that the phishing attack was an isolated incident and reported it to the FBI. We began sorting through which employees–current and past–may have been affected. And we have since contacted the affected employees and have offered them two years of free identity-theft insurance and monitoring.”
In an effort to ensure another phishing scam doesn’t best employees in the future, the company says it will “redouble our already rigorous training programs around privacy and security in the coming weeks.”