Snapchat worker falls for email phishing scam

Employee payroll information gets spilled, but the maker of the popular photo-sharing app says your user data stayed under wraps.

Lance Whitney
Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
2 min read

An email phishing scam tricked an employee at Snapchat.


A Snapchat employee inadvertently spilled sensitive company information after falling for an email trick.

On Friday, an unidentified worker for the maker of the popular photo and video sharing app received an email asking for payroll information, Snapchat revealed in a blog post published Sunday. The email, which claimed to be from Snapchat CEO Evan Spiegel, apparently seemed legitimate enough to the person, who complied with the request.

Oops. The email was actually a phishing scam, and it resulted in pay and personal data for some employees being divulged to an outsider.

Snapchat stressed that none of its internal systems were breached and that no user information was compromised. The company's app, which has been around since 2011, has more than 100 million daily active users, many of them teens and millennials, and boasts more than 7 billion video views every day. It's become enough of a contemporary institution that even the White House now has an account.

Unlike other security threats that involve the spread of malicious software or hackers gaining access to computers, email phishing relies on simple social engineering -- that is, one person fooling another person. It takes advantage of people who may not think before responding to an email that seems authentic. In many cases, it's done with a phone call rather than an email message. Either way, the fact that a worker at a tech-savvy firm like Snapchat got taken in shows how easy it can be to fall for such scams.

With email phishing, messages can look genuine, often appearing to come from a real company or other trusted source. And because the messages appear legitimate, they don't necessarily get blocked by spam filtering software.

Snapchat said the scam was isolated and was reported to the FBI. Employees affected by the scam have been contacted and will be offered two years of free identity theft insurance and monitoring, the company added.

The company declined to provide more details because the incident is under investigation.

"When something like this happens," Snapchat said, "all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong."