The company is apologizing after the hacker impersonating CEO Evan Spiegel managed to steal employee data.
Snapchat has just fallen victim to an embarrassing attack by a hacker impersonating their CEO Evan Spiegel, and the company is apologizing for releasing employee data as a result.
The hacker used an email pretending to be Spiegel to get data on both current and former employees on Friday, leading the company to issue the apology, according to a Forbes report.
Essentially, the hacker sent an email to the payroll department that appeared to be from Spiegel asking for payroll information, and the department complied. No details were released on how many people may have been compromised or what data that hacker acquired. However, Snapchat said that its internal systems hadn’t been breached, so really it wasn’t even technically a hack — more of a phishing scam.
Snapchat also claimed in the post that it responded “swiftly and aggressively,” and that within four hours the phishing attack was reported to the FBI after they determined it was an isolated incident. They also determined exactly which employees, both current and former, were affected by the breach.
Those who were affected were given two years of free identity theft insurance, and Snapchat said it will make sure the incident never happens again.
The Forbes report indicates that the Sony Pictures leak of 2014 may have enabled the individual to impersonate Spiegel, as much of his contact information was published.
CEO impersonations are actually fairly common, and typical losses from the attacks usually exceed $700,000, according to the report.
“When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong,” Snapchat wrote in the apology note. “To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks. Our hope is that we never have to write a blog post like this again.”