Slashdot Mirror

← Back to Stories (view on slashdot.org)

Snapchat Employee Data Leaked Following Phishing Scam (techcrunch.com)

Posted by yaelk on from the dont-share-personal-info dept.

An anonymous reader writes: Snapchat suffered a huge data breach over the weekend after an employee fell victim to a phishing email scam which impersonated co-founder and CEO Evan Spiegel requesting payroll information. While the video messaging app's servers were unaffected and user data remained completely safe, both former and current employees were informed that some of their sensitive information had been leaked. Snapchat immediately reported the incident to the FBI and has offered affected staff two years of free identity theft insurance and monitoring. Snapchat admitted that it felt 'real remorse and embarrassment' that one of its employees had fallen for the attack, particularly as it takes privacy and security so seriously.

5 of 48 comments (clear)

  1. Most embarrassing revelations by NotDrWho · · Score: 4, Funny

    That they all work at Snapchat.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:Most embarrassing revelations by gstoddart · · Score: 4, Funny

      Isn't snapchat where you show your penis to random people on the internet and see how long before they disconnect?

      You'd think she'd recognize the CEO. ;-)

      --
      Lost at C:>. Found at C.
    2. Re:Most embarrassing revelations by NotDrWho · · Score: 3, Funny

      They told me I wasn't qualified to work there because I don't use terms like "Umadbro" in my internet posts.

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.
  2. You would think there would be better processes by swb · · Score: 3

    ...at least better than "an email from the CEO" asking for a bulk delivery of sensitive information.

    And maybe a process whereby it gets encrypted so only the recipient can open it..

    1. Re:You would think there would be better processes by gstoddart · · Score: 3, Insightful

      In your years which allow you to have such a low id ... have you observed that CEOs are likely to follow a damned process? In my experience, the higher up the org chart, the less you're willing to actually follow any processes and policies; I've seen VPs who would do stuff which would get a normal person sacked because it's so stupid and contrary to security policies.

      But, in this specific case, it sounds like a well crafted bit of spear phishing ... an email from someone you know, demanding something they know you have, and containing all of the right cues to make you respond.

      Most people aren't really capable of the sustained level of paranoia which allows you to say "I just received email from our CEO and I need to assume it's completely fraudulent". As much as many of us on Slashdot do it, it's really not a "normal" behavior most people can wrap their head around.

      Not trusting anything is normally considered a mental problem; sadly where it comes to email and modern technology, it's the entirely reasonable response.

      --
      Lost at C:>. Found at C.