A Snapchat payroll employee sent sensitive information about 700 current and former employees after falling for a phishing scam.
They emailed tax form data including social security numbers, wages, stock-option gains and benefits after receiving an email from someone they thought was chief executive Evan Spiegel.
Fifteen minutes later, they realised the original request was not legitimate, and emailed Mr Spiegel who confirmed that the employee had been conned.
A message posted on Snapchat's website said: "We're a company that takes privacy and security seriously.
"So it's with real remorse - and embarrassment - that one of our employees fell for a phishing scam and revealed some payroll information about our employees.
"The good news is that our servers were not breached, and our users' data was totally unaffected by this.
"The bad news is that a number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry.
"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong."
The FBI is now investigating, and those whose data has compromised have been notified.
Everyone affected is being offered free credit monitoring software and identity theft insurance.
A Snapchat spokesman said that user data was not compromised and the firm's servers were not breached.
Phishing attacks - in which fake emails are used to encourage people to hand over sensitive data - are increasingly popular with hackers.
They can compromise systems that are well-protected by firewalls and other defences simply by relying on human error.
Snapchat says it plans to do more training sessions for staff to avoid it happening again.
More than 100 million people use the entertainment and photo-sharing app each day.
In 2013 a vulnerability exploited by hackers led to names and phone numbers of millions of users being compromised.
0 nhận xét:
Đăng nhận xét