Snapchat Inc. has fallen victim to a phishing scam.
A payroll department employee at the Venice company emailed sensitive personal information about 700 current and former workers to someone pretending to be Chief Executive Evan Spiegel on Friday, a spokeswoman said.
The impostor received employees’ W-2 tax form data, including name, Social Security number, wages, stock-option gains and benefits. Fifteen minutes after replying, the employee realized the original request, which appeared as if it had been sent from Spiegel’s email address, wasn’t legitimate. The employee then sent a followup email to Spiegel, who didn’t recognize the original note.
The FBI is investigating the incident. Current employees were quickly notified and an email to former employees was sent Sunday night. Everyone affected is being offered free credit monitoring and identity theft insurance.
Some organizations have installed software to add extra security to emails and to prevent certain files from leaving internal networks. Many others have stepped up security training for employees, going as far as running “phishing drills” to teach employees to avoid the “bait.”
Ritti said Snapchat planned to do more internal training. She declined to release a copy of Friday’s phishing email, citing the ongoing law enforcement investigation.
Cybersecurity is a key issue for Snapchat’s brand. More than 100 million people use the entertainment app each day, sometimes to send self-destructing photos and videos with sensitive content. The company has had problems before. A vulnerability exploited by hackers in 2013 led to names and phone numbers of millions of users being compromised. Since then, the company has touted several measures to upgrade security