Los Angeles Times

Snapchat falls for email scam

Payroll worker is duped into believing email is from CEO.

- By Paresh Dave paresh. dave@ latimes. com Twitter: @ peard33

Employee payroll data were exposed after a worker responded to a phishing attack.

Snapchat Inc. has fallen victim to a phishing scam.

A payroll department employee at the Venice company emailed sensitive personal informatio­n about 700 current and former workers to someone pretending to be Chief Executive Evan Spiegel on Friday, a spokeswoma­n said.

The impostor received employees’ W- 2 tax form data, including name, Social Security number, wages, stock- option gains and benefits.

Fifteen minutes after replying, the employee realized the original request, which appeared as if it had been sent from Spiegel’s email address, wasn’t legitimate. The employee then sent a follow- up email to Spiegel, who didn’t recognize the original note.

The FBI is investigat­ing the incident. Current employees were quickly notif ied and an email to former employees was sent Sunday night. Everyone affected is being offered free credit monitoring and identity theft insurance.

User data wasn’t compromise­d and the company’s servers were not breached, Snapchat spokeswoma­n Mary Ritti said.

“It did not affect our users or our service whatsoever,” the company said in a statement. “It impacted our employees and we are obviously very sorry that it happened. We are doing everything we can to work with our team now and prevent it in the future.”

Phishing and other social engineerin­g tactics are the top reason behind corporate data breaches, surveys have shown.

No matter how many firewalls and other defenses companies mount, hackers have continued to f ind an easy way in by tricking workers into clicking malicious links and releasing data in response to realistic- looking messages.

Some organizati­ons have installed software to add extra security to emails and to prevent certain f iles from leaving internal networks. Many others have stepped up security training for employees, going as far as running “phishing drills” to teach employees to avoid the bait.

Ritti said Snapchat planned to do more internal training. She declined to release a copy of Friday’s phishing email, citing the ongoing law enforcemen­t investigat­ion.

Cybersecur­ity is a key issue for Snapchat’s brand. More than 100 million people use the entertainm­ent app each day, sometimes to send self- destructin­g photos and videos with sensitive content.

The company has had problems before. A vulnerabil­ity exploited by hackers in 2013 led to names and phone numbers of millions of users being compromise­d.

Since then, the company has touted several measures to upgrade security.

?? The Washing ton Post/ Getty I mages ?? THE I MPOSTOR CEO received employees’ W- 2 tax form data, including their names and Social Security numbers. Above, Snapchat’s off ices in Venice.
The Washing ton Post/ Getty I mages THE I MPOSTOR CEO received employees’ W- 2 tax form data, including their names and Social Security numbers. Above, Snapchat’s off ices in Venice.

Newspapers in English

Newspapers from United States